CVE-2026-13201
Kubevirt: virt-handler-rhel9: kubevirt: safepath openatnofollow symlink following via /proc/self/fd allows host file metadata modification
CVSS Score
5.2
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the intended no-follow protection. An attacker with access to a virt-launcher pod can exploit this to cause virt-handler to apply file ownership or permission changes to an unintended host path.
| CWE | CWE-61 |
| Vendor | red hat |
| Product | red hat openshift virtualization 4 |
| Published | Jun 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat openshift virtualization 4
Be the first to know when new medium vulnerabilities affecting red hat red hat openshift virtualization 4 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low
Affected Versions
Red Hat / Red Hat OpenShift Virtualization 4
All versions affected Red Hat / Red Hat OpenShift Virtualization 4
All versions affected References
Credits
This issue was discovered by Huzaifa Sidhpurwala (Red Hat).