{"api_version":"1","generated_at":"2026-07-06T07:17:47+00:00","cve":"CVE-2026-13322","urls":{"html":"https://cve.report/CVE-2026-13322","api":"https://cve.report/api/cve/CVE-2026-13322.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-13322","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-13322"},"summary":{"title":"Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service","description":"A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-06-26 00:16:51","updated_at":"2026-06-26 16:19:06"},"problem_types":["CWE-770","CWE-770 Allocation of Resources Without Limits or Throttling"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"3.8","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"3.8","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.8,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","version":"3.1"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492681","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2492681","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-13322","name":"https://access.redhat.com/security/cve/CVE-2026-13322","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-13322","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-13322","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-06-25T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-06-25T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"The downward metrics virtio-serial device must be explicitly added to a VM's specification to be present. Clusters that do not use this feature are not exposed. To reduce exposure, administrators can restrict the ability to configure downward metrics devices on tenant VMs by using an admission webhook or policy controller such as Gatekeeper/OPA.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"This issue was discovered by Huzaifa Sidhpurwala (Red Hat).","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"13322","cve":"CVE-2026-13322","epss":"0.000980000","percentile":"0.009810000","score_date":"2026-06-29","updated_at":"2026-06-30 00:06:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-13322","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-26T13:39:04.943661Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-26T13:39:15.504Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"affected","packageName":"container-native-virtualization/virt-handler","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"affected","packageName":"container-native-virtualization/virt-handler-rhel9","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"This issue was discovered by Huzaifa Sidhpurwala (Red Hat)."}],"datePublic":"2026-06-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Low"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.8,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-26T00:04:07.651Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-13322"},{"name":"RHBZ#2492681","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492681"}],"timeline":[{"lang":"en","time":"2026-06-25T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-06-25T00:00:00.000Z","value":"Made public."}],"title":"Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service","workarounds":[{"lang":"en","value":"The downward metrics virtio-serial device must be explicitly added to a VM's specification to be present. Clusters that do not use this feature are not exposed. To reduce exposure, administrators can restrict the ability to configure downward metrics devices on tenant VMs by using an admission webhook or policy controller such as Gatekeeper/OPA."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-770: Allocation of Resources Without Limits or Throttling"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-13322","datePublished":"2026-06-26T00:04:07.651Z","dateReserved":"2026-06-25T08:58:54.983Z","dateUpdated":"2026-06-26T13:39:15.504Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-26 00:16:51","lastModifiedDate":"2026-06-26 16:19:06","problem_types":["CWE-770","CWE-770 Allocation of Resources Without Limits or Throttling"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:39:04.943661Z","id":"CVE-2026-13322","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"13322","Ordinal":"1","Title":"Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial ","CVE":"CVE-2026-13322","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"13322","Ordinal":"1","NoteData":"A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.","Type":"Description","Title":"Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial "}]}}}