kubevirt.io/kubevirt (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package kubevirt.io/kubevirt, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2020-14316 — CVSS 9.9 (critical): A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem…
CVE-2022-1798 — CVSS 8.7 (high): A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt…
CVE-2023-26484 — CVSS 8.2 (high): KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a…
CVE-2025-64324 — CVSS 7.7 (high): KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory…
CVE-2024-31420 — CVSS 6.5 (medium): A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node…
CVE-2020-1701 — CVSS 6.5 (medium): A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker…
CVE-2025-64433 — CVSS 6.5 (medium): KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM…
CVE-2025-14525 — CVSS 6.4 (medium): A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to…
CVE-2024-33394 — CVSS 5.9 (medium): An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token…
CVE-2026-6383 — CVSS 5.4 (medium): A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates…
CVE-2025-64435 — CVSS 5.3 (medium): KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an…
CVE-2025-64436 — CVSS 5.3 (medium): KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service…
CVE-2025-64437 — CVSS 5.0 (medium): KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify…
CVE-2025-64432 — CVSS 4.7 (medium): KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of…
CVE-2025-64434 — CVSS 4.7 (medium): KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in…