CVE-2026-9804 Overview
CVE-2026-9804 is a path traversal vulnerability in KubeVirt's virt-exportserver component. The flaw resides in the VMExport directory endpoint, which fails to safely resolve symbolic links within exported filesystem Persistent Volume Claims (PVCs). An attacker with namespace-level access can place a symbolic link inside an exported PVC that points outside the designated mount root. When the export endpoint follows that link, the virt-exportserver pod returns the contents of files located elsewhere on the exporter pod's filesystem. The result is arbitrary file read leading to information disclosure of potentially sensitive data, including configuration files, service account tokens, and other secrets accessible to the exporter pod.
Critical Impact
Authenticated namespace users can read arbitrary files from the virt-exportserver pod filesystem by exploiting symlink resolution in the VMExport directory endpoint.
Affected Products
- KubeVirt virt-exportserver component
- Red Hat OpenShift Virtualization deployments using KubeVirt VMExport
- Kubernetes clusters running affected KubeVirt releases with VMExport enabled
Discovery Timeline
- 2026-05-28 - CVE-2026-9804 published to NVD
- 2026-05-28 - Last updated in NVD database
Technical Details for CVE-2026-9804
Vulnerability Analysis
KubeVirt exposes the VMExport feature through the virt-exportserver pod, which serves the contents of a filesystem PVC over HTTP for migration and backup workflows. The directory endpoint walks the exported volume and streams file contents back to the requesting client. The handler does not validate that resolved paths remain within the designated mount root before opening files. When the export directory contains a symbolic link, the server follows that link during read operations. An attacker who can write to the source PVC, either directly or through a virtual machine attached to it, places a symlink that targets paths such as /proc/self/environ, /var/run/secrets/kubernetes.io/serviceaccount/token, or other sensitive files inside the pod. Subsequent VMExport requests return the linked file's contents instead of the intended PVC data. The vulnerability is classified under [CWE-59] Improper Link Resolution Before File Access.
Root Cause
The root cause is missing symlink containment in the file-serving logic of virt-exportserver. The code opens files by their resolved path without enforcing that the final canonical path remains a descendant of the export root directory. Safe alternatives such as openat2 with RESOLVE_BENEATH or explicit path canonicalization checks are not applied. Any symlink placed in the PVC by a tenant becomes a vehicle for reading files outside the intended scope.
Attack Vector
The attacker requires namespace-level permissions to create or modify a VMExport resource and to write to the underlying filesystem PVC. After placing a malicious symlink inside the PVC pointing to an arbitrary path within the exporter pod, the attacker triggers a VMExport and retrieves the export via the directory endpoint. The server resolves the symlink and returns the target file contents over the network. No user interaction is required, and the scope change reflects that data outside the attacker's namespace can be disclosed.
No verified public proof-of-concept code is available. Refer to the Red Hat CVE-2026-9804 Advisory and Red Hat Bugzilla #2482487 for technical details.
Detection Methods for CVE-2026-9804
Indicators of Compromise
- Unexpected symbolic links inside filesystem PVCs that are referenced by VMExport resources, particularly links pointing to absolute paths such as /proc, /etc, /var/run/secrets, or /root.
- VMExport HTTP responses containing file contents that do not correspond to expected guest disk data, such as Kubernetes service account tokens or environment variable dumps.
- Anomalous read patterns from virt-exportserver pods accessing paths outside the mounted PVC root.
Detection Strategies
- Audit Kubernetes API server logs for VMExport creation events correlated with the namespaces of low-privilege users.
- Inspect filesystem PVCs referenced by VMExport objects for symlinks whose targets resolve outside the volume mount path.
- Monitor egress traffic from virt-exportserver pods for unusually small or unusually structured responses that suggest exfiltration of secrets rather than VM disk content.
Monitoring Recommendations
- Enable Kubernetes audit logging at the Metadata level for VirtualMachineExport resources across all tenant namespaces.
- Collect container filesystem and process telemetry from KubeVirt control-plane pods and forward to a central data lake for correlation.
- Alert on virt-exportserver pod file opens targeting paths outside the expected PVC mount, such as /var/run/secrets/ or /proc/self/.
How to Mitigate CVE-2026-9804
Immediate Actions Required
- Upgrade KubeVirt to a fixed release as indicated in the Red Hat CVE-2026-9804 Advisory once available for your distribution.
- Restrict permissions to create VirtualMachineExport resources using Kubernetes RBAC so only trusted operators can initiate exports.
- Review existing VMExport resources and the associated PVCs for unexpected symbolic links before processing further exports.
Patch Information
Red Hat tracks remediation through Red Hat Bugzilla #2482487 and the Red Hat CVE-2026-9804 Advisory. Apply the upstream KubeVirt fix that enforces symlink containment in the virt-exportserver directory handler, or install the vendor-supplied package update for your platform.
Workarounds
- Disable the VMExport feature in clusters where it is not required until patches are deployed.
- Tighten RBAC so namespace users cannot create VirtualMachineExport resources or write directly to filesystem PVCs that back exports.
- Use block-mode PVCs instead of filesystem-mode PVCs for sensitive workloads, since the symlink primitive only applies to filesystem exports.
# Restrict VMExport creation via RBAC (example)
kubectl create clusterrole vmexport-deny \
--verb=create,update,patch \
--resource=virtualmachineexports.export.kubevirt.io
# Audit existing PVCs referenced by VMExports for symlinks
kubectl get virtualmachineexports.export.kubevirt.io -A -o json | \
jq -r '.items[] | "\(.metadata.namespace) \(.spec.source.name)"'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
