PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57966 Red Hat CVE debrief

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. The vulnerability occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation. Users should be cautious when connecting to untrusted SPICE hosts.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: MEDIUM 4.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-29
Original CVE updated: 2026-06-29
Advisory published: 2026-06-29
Advisory updated: 2026-06-29

Who should care

Users of spice-vdagent, especially those who connect to untrusted or potentially compromised SPICE hosts, should be aware of this vulnerability. System administrators and security teams should assess the risk and apply necessary patches or mitigations. Developers of SPICE host and guest systems may also need to review and update their code to prevent similar vulnerabilities.

Technical summary

CVE-2026-57966 is a path traversal issue in spice-vdagent. A malicious or compromised SPICE host can write files to arbitrary locations on the guest operating system by supplying crafted filenames during file transfers, because the agent does not adequately sanitize the host-provided filename before using it. The CVSS score is 4.4 (medium severity). Exploitation requires that the SPICE host be untrusted or compromised.

Defensive priority

Apply patches or updates to spice-vdagent to fix the path traversal vulnerability. Be cautious when connecting to untrusted SPICE hosts, and consider implementing additional security measures to prevent exploitation.

Recommended defensive actions

  • Apply patches or updates to spice-vdagent to fix the path traversal vulnerability.
  • Be cautious when connecting to untrusted SPICE hosts.
  • Implement additional security measures, such as validating filenames and restricting write access.
  • Monitor systems for suspicious activity related to spice-vdagent.
  • Consider using secure file transfer protocols and validating file names on the guest OS.
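The root cause in the technical summary is an unsanitized host-supplied filename, and the actions above recommend validating filenames on the guest. The following is an added illustration of that check, written for this debrief and not taken from spice-vdagent or Red Hat's fix: it accepts a host-supplied name only as a bare file name and composes the save path under a fixed download directory. The function names, the directory, and the sample names are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical validator (not spice-vdagent's own code): accept a
   host-supplied name only if it is a bare file name, never a path. */
int filename_is_safe(const char *name)
{
    size_t len = name ? strlen(name) : 0;

    if (len == 0 || len > 255)               /* empty, or longer than NAME_MAX */
        return 0;
    if (strchr(name, '/') || strchr(name, '\\'))
        return 0;                            /* a separator makes it a path */
    if (name[0] == '.')
        return 0;                            /* covers ".", "..", and dotfiles */
    for (const char *p = name; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f)
            return 0;                        /* control characters */
    return 1;
}

/* Join dir and name only after validation; 0 on success, -1 on rejection. */
int build_save_path(const char *dir, const char *name, char *out, size_t outlen)
{
    int n;

    if (!filename_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                           /* would truncate: refuse */
    return 0;
}

int main(void)
{
    /* constructed sample names such as a host might send */
    const char *samples[] = { "report.pdf", "../escape.txt", "..", "sub/file.txt" };
    char path[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_save_path("/home/user/Downloads", samples[i], path, sizeof path) == 0)
            printf("accept %-14s -> %s\n", samples[i], path);
        else
            printf("reject %s\n", samples[i]);
    }
    return 0;
}
```

Rejecting rather than stripping is deliberate: a name that carries separators or dot components is not something a well-behaved host sends, so treating it as an error is simpler to audit than trying to normalise it.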

Evidence notes

The CVE-2026-57966 vulnerability was found in spice-vdagent. The vulnerability allows a malicious SPICE host to write arbitrary files to any location on the guest operating system. The issue occurs because filenames provided by the SPICE host are not properly sanitized. The CVSS score for this vulnerability is 4.4, indicating a medium severity level. The vulnerability requires the SPICE host to be untrusted or compromised for exploitation.

Official resources

This article is AI-assisted and based on the supplied source corpus.