CVE-2026-24834

HIGH EPSS 13.0%
Published Feb 19, 20264mo ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
High
Find Similar
Published Feb 19, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

CVSS Details

Base Score
8.8
Exploitability
2.0
Impact
6.0
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
13.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-732

Affected Products 1

VendorProductVersionRange
katacontainerskata_containers* <3.27.0

References 3

  • github.com https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf
    Patch
  • github.com https://github.com/kata-containers/kata-containers/releases/tag/3.27.0
    ProductRelease Notes
  • github.com https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6-vghv-5p64
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf
    Patch