CVE-2026-13201

MEDIUM NVD

CVSS Score 5.2

Severity MEDIUM

Published Jun 24, 2026

Vendor unknown

Description

A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the intended no-follow protection. An attacker with access to a virt-launcher pod can exploit this to cause virt-handler to apply file ownership or permission changes to an unintended host path.

References

https://access.redhat.com/security/cve/CVE-2026-13201
https://bugzilla.redhat.com/show_bug.cgi?id=2492203