CRITICAL🇵🇱 Wersja polska

CVE-2026-24834

CVSS 9.3v3.1pub. 2026-02-19upd. 2026-06-30

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Katacontainers Kata Containers

    APP
    Katacontainers
    < 3.27.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEContainer
CWE
References

Related vulnerabilities

CVE-2026-41326HIGH8.2ten sam produkt

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machine...

CVE-2026-24054HIGH8.8ten sam produkt

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machine...

CVE-2020-27151HIGH8.8ten sam produkt

An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute bi...

CVE-2020-28914HIGH7.1ten sam vendor

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes ho...

CVE-2020-2026HIGH7.8ten sam vendor

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running mul...