CVE-2026-9804 in KubeVirt정보

요약

\~에 의해 MITRE • 2026. 05. 28.

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

Redhat

예약하다

2026. 05. 28.

공개

2026. 05. 28.

모더레이션

수락

항목

VDB-366747

CPE

준비됨

CWE

CWE-59 (확인됨)

CVSS

7.7 (CNA)

EPSS

0.00029

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9804
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9804
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9804/

◂ 이전 개요 다음 ▸

Do you know our Splunk app?

Download it now for free!