Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-13434

CVE-2026-13434: KubeVirt Privilege Escalation Vulnerability

CVE-2026-13434 is a privilege escalation vulnerability in KubeVirt that allows tenants to inject malicious JSON into network annotations, enabling cross-namespace access. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-13434 Overview

CVE-2026-13434 is an input validation flaw in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation. The admission logic only rejects empty strings and performs no DNS-1123 validation, JSON detection, or special character filtering. A tenant holding kubevirt.io:edit permissions can inject a JSON NetworkSelectionElement array that references a NetworkAttachmentDefinition in another namespace. This weakness is tracked under [CWE-20] Improper Input Validation.

Critical Impact

Authenticated tenants can attach launcher pods to network attachments in arbitrary namespaces and impersonate IP and MAC addresses on segregated network segments.

Affected Products

  • KubeVirt v1.8.0 and later with the ExternalNetResourceInjection Beta feature gate enabled
  • Red Hat OpenShift Virtualization 4.21 and later
  • Multi-tenant Kubernetes clusters using Multus CNI with KubeVirt

Discovery Timeline

  • 2026-06-26 - CVE-2026-13434 published to NVD
  • 2026-06-27 - Last updated in NVD database

Technical Details for CVE-2026-13434

Vulnerability Analysis

KubeVirt translates a VMI's Multus network specification into a Multus annotation on the launcher pod. The generator concatenates the tenant-supplied networkName field into the annotation string without escaping or format checking. Multus on the node parses the annotation and honors any embedded JSON structure it finds. Because the annotation value is treated as either a plain NAD name or a structured NetworkSelectionElement array, a JSON payload in networkName reprograms Multus to attach the pod to a different network attachment.

When the ExternalNetResourceInjection Beta feature gate is enabled, the NetworkAttachmentDefinition lookup that normally validates the reference is skipped by design. This design choice removes the last check that would reject a malformed name and expands the attack surface to any namespace reachable by Multus.

Root Cause

The root cause is missing input validation on the networkName field in the VMI spec. The admission controller rejects only empty strings. It does not enforce DNS-1123 subdomain rules, detect JSON tokens such as [ or {, or reject characters outside the label character set. The absence of sanitization allows structured data to pass through as a name.

Attack Vector

A tenant with kubevirt.io:edit role submits a VMI manifest where networkName contains a serialized NetworkSelectionElement array. The array specifies an arbitrary target namespace, NAD name, static IP address, and MAC address. KubeVirt writes the payload verbatim into v1.multus-cni.io/default-network. Multus parses the JSON, resolves the referenced NAD in the attacker-chosen namespace, and attaches the launcher pod to that network. The result is cross-namespace network access and IP or MAC impersonation on segments normally isolated from tenant workloads.

No verified public exploit code is available. See the Red Hat CVE-2026-13434 Advisory and Red Hat Bug Report #2493576 for vendor technical details.

Detection Methods for CVE-2026-13434

Indicators of Compromise

  • Launcher pods with v1.multus-cni.io/default-network annotation values containing JSON syntax such as [, {, namespace, ips, or mac.
  • VMI resources whose spec.networks[].multus.networkName field contains characters outside the DNS-1123 label set.
  • Multus CNI logs showing NAD lookups in namespaces that do not match the VMI's own namespace.

Detection Strategies

  • Audit Kubernetes API server logs for virtualmachineinstances create and update requests where networkName fails DNS-1123 subdomain validation.
  • Compare each launcher pod's namespace with the resolved namespace of every attached NetworkAttachmentDefinition to flag mismatches.
  • Alert when the ExternalNetResourceInjection feature gate is enabled on a cluster that hosts untrusted tenants.

Monitoring Recommendations

  • Continuously monitor kubevirt.io:edit role bindings and reduce their scope to trusted service accounts.
  • Ingest Multus CNI events and correlate pod-to-network attachments across namespaces in a central data lake.
  • Baseline expected IP and MAC ranges per network segment and alert on launcher pods that appear with unexpected addresses.

How to Mitigate CVE-2026-13434

Immediate Actions Required

  • Disable the ExternalNetResourceInjection feature gate on any cluster where tenants hold kubevirt.io:edit permissions.
  • Review all existing VirtualMachineInstance manifests for non-conforming networkName values and terminate any launcher pods with suspicious Multus annotations.
  • Restrict kubevirt.io:edit role bindings to trusted principals and remove the role from shared or self-service namespaces.

Patch Information

Refer to the Red Hat CVE-2026-13434 Advisory for fixed package versions in OpenShift Virtualization. Upstream KubeVirt fixes add DNS-1123 validation and reject JSON tokens in the networkName field. Apply vendor patches for KubeVirt and any downstream distributions before re-enabling the affected feature gate.

Workarounds

  • Keep the ExternalNetResourceInjection Beta feature gate disabled, which is the default configuration.
  • Enforce an admission policy such as Kyverno or OPA Gatekeeper that validates spec.networks[].multus.networkName against the DNS-1123 subdomain pattern.
  • Segment tenant workloads onto dedicated clusters when sharing sensitive network segments with cluster infrastructure is unavoidable.
bash
# Example Kyverno policy fragment to enforce DNS-1123 networkName values
# Reject VMIs whose networkName contains JSON or invalid characters
pattern:
  spec:
    networks:
      - multus:
          networkName: "?*"
        =(name): "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.