Known Vulnerabilities for products from Kubevirt
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Kubevirt".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-13434 json | A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus net... | Not Provided | 2026-06-26 | 2026-07-06 |
| CVE-2026-13325 json | A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt ... | Not Provided | 2026-06-26 | 2026-07-14 |
| CVE-2026-13322 json | Not Provided | 2026-06-26 | 2026-06-26 | |
| CVE-2026-13318 json | A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forwa... | Not Provided | 2026-06-26 | 2026-07-06 |
| CVE-2026-13218 json | Not Provided | 2026-06-26 | 2026-06-26 | |
| CVE-2026-13208 json | A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent ... | Not Provided | 2026-06-24 | 2026-07-06 |
| CVE-2026-13201 json | A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to o... | Not Provided | 2026-06-24 | 2026-07-06 |
| CVE-2026-9804 json | Not Provided | 2026-05-28 | 2026-06-30 | |
| CVE-2026-7374 json | Not Provided | 2026-05-26 | 2026-06-30 | |
| CVE-2026-1530 json | Not Provided | 2026-02-02 | 2026-06-30 | |
| CVE-2023-26484 json | KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken o... | 8.2 - HIGH | 2023-03-15 | 2023-03-27 |
| CVE-2022-1798 json | A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure ... | 6.5 - MEDIUM | 2022-09-15 | 2022-09-19 |
| CVE-2020-14316 json | A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's file... | 9.9 - CRITICAL | 2020-07-29 | 2021-07-21 |
| CVE-2020-1701 json | A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. A... | 6.5 - MEDIUM | 2021-05-27 | 2021-06-10 |
| CVE-2019-10175 json | A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature ... | 6.5 - MEDIUM | 2019-06-28 | 2020-10-01 |
| CVE-2019-3841 json | Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when impor... | 6.8 - MEDIUM | 2019-03-25 | 2019-10-09 |
Known software with vulnerabilities from Kubevirt
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kubevirt | Containerized-data-importer | 0.4.0 |
| Application | Kubevirt | Containerized Data Importer | 0.4.0 |
| Application | Kubevirt | Kubevirt | - |