CVE-2026-9804: Improper Link Resolution Before File Access ('Link Following') in Red Hat Red Hat OpenShift Virtualization 4
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
AI Analysis
Technical Summary
This vulnerability involves improper link resolution before file access in the virt-exportserver component of KubeVirt within Red Hat OpenShift Virtualization 4. An attacker with namespace-level privileges can exploit a path traversal flaw by placing a symbolic link in an exported filesystem PVC that references files outside the mount root. This enables unauthorized reading of arbitrary files on the exporter pod's filesystem, resulting in potential sensitive data exposure. The CVSS 3.1 base score is 7.7, indicating high severity with network attack vector, low attack complexity, and no user interaction required.
Potential Impact
Successful exploitation allows an attacker with namespace-level access to read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data within the cluster environment. There is no indication of integrity or availability impact. No known exploits in the wild have been reported as of the publication date.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-9804 for current remediation guidance. Until an official fix is available, restrict namespace-level permissions to trusted users only and monitor for suspicious activity related to PVC exports. Avoid placing untrusted symbolic links in exported Persistent Volume Claims.
CVE-2026-9804: Improper Link Resolution Before File Access ('Link Following') in Red Hat Red Hat OpenShift Virtualization 4
Description
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
CVSS v3.1
Score 7.7high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper link resolution before file access in the virt-exportserver component of KubeVirt within Red Hat OpenShift Virtualization 4. An attacker with namespace-level privileges can exploit a path traversal flaw by placing a symbolic link in an exported filesystem PVC that references files outside the mount root. This enables unauthorized reading of arbitrary files on the exporter pod's filesystem, resulting in potential sensitive data exposure. The CVSS 3.1 base score is 7.7, indicating high severity with network attack vector, low attack complexity, and no user interaction required.
Potential Impact
Successful exploitation allows an attacker with namespace-level access to read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data within the cluster environment. There is no indication of integrity or availability impact. No known exploits in the wild have been reported as of the publication date.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-9804 for current remediation guidance. Until an official fix is available, restrict namespace-level permissions to trusted users only and monitor for suspicious activity related to PVC exports. Avoid placing untrusted symbolic links in exported Persistent Volume Claims.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-05-28T06:10:07.134Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-9804","vendor":"Red Hat"}]
Threat ID: 6a180167e29bf47b50c5971b
Added to database: 5/28/2026, 8:48:39 AM
Last enriched: 5/28/2026, 9:03:25 AM
Last updated: 5/29/2026, 8:22:58 AM
Views: 17
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.