PatchSiren cyber security CVE debrief
CVE-2026-13325 Red Hat CVE debrief
A flaw was found in KubeVirt's migration proxy when spec.configuration.migrations.disableTLS is set to true. This setting causes the target virt-handler to bind a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. Consequently, an attacker with a running pod on the cluster network can connect to this listener and issue unfiltered libvirt RPC commands against another tenant's virtual machine. Such commands can include reading VM memory and configuration, modifying VM state via QMP, or destroying the VM.
- Vendor
- Red Hat
- Product
- Red Hat OpenShift Virtualization 4
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-26
- Original CVE updated
- 2026-07-06
- Advisory published
- 2026-06-26
- Advisory updated
- 2026-07-06
Who should care
Users of KubeVirt, especially those with multi-tenant environments, should be aware of this vulnerability. The flaw allows for potential lateral movement and escalation within the cluster network.
Technical summary
The vulnerability arises from the insecure configuration of the migration proxy in KubeVirt. When disableTLS is set to true, the migration proxy listener is exposed without authentication or encryption. This exposes the virt-launcher's virtqemud control socket to unauthorized access. An attacker can exploit this by connecting to the listener and issuing libvirt RPC commands. The impact includes unauthorized access to VM data, modification of VM state, and potential disruption of VM operations.
Defensive priority
High
Recommended defensive actions
- Review and adjust the KubeVirt configuration to ensure TLS is enabled for migrations.
- Implement network policies to restrict access to the migration proxy listener.
- Monitor for and limit the use of disableTLS in KubeVirt custom resources.
- Apply the provided vendor advisories and patches.
- Conduct regular security audits and vulnerability assessments.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. Vendor advisories and issue tracking references are available for mitigation and patching. Evidence is limited to public sources; defenders should verify with vendors and assess their specific environments. No additional facts are known beyond public disclosures.
Official resources
-
CVE-2026-13325 CVE record
CVE.org
-
CVE-2026-13325 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Mitigation
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Issue Tracking
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-26T11:16:30.830Z and has not been modified since then. The NVD entry is currently Analyzed.