SUSE KubeVirt Vulnerabilities Lead to Denial of Service Threats

SUSE KubeVirt Vulnerabilities Lead to Denial of Service Threats

First seen 9 Jul 2026, 18:11 UTC Linuxsecurity 96% similarity 57.9

Article Content

Browse articles
ThreatCluster

SUSE KubeVirt 1.6 has been updated to address multiple vulnerabilities, including CVE-2026-9804, which allows symlink escape in the VMExport directory, enabling attackers to access sensitive files. CVE-2025-14525 poses a denial of service risk by allowing VMs to flood VMI status, potentially filling etcd. Additionally, CVE-2026-35469 involves resource exhaustion in the SPDY/3 protocol implementation. These vulnerabilities affect users of SUSE KubeVirt, with the potential for significant operational disruptions. Patches are available, and users are advised to update their systems promptly. The vulnerabilities were disclosed in July 2026, with the updates released shortly thereafter.

Key Points: • SUSE KubeVirt 1.6 vulnerabilities include CVE-2026-9804, CVE-2025-14525, and CVE-2026-35469. • CVE-2025-14525 can lead to denial of service by flooding VMI status with excessive guest interfaces. • Immediate patching is recommended to mitigate risks associated with these vulnerabilities.

ThreatCluster AI

Timeline

2026-01-26
CVE-2025-14525 published
This vulnerability allows VMs to flood VMI status, risking denial of service by filling etcd.
Linuxsecurity
2026-04-16
CVE-2026-35469 published
Resource exhaustion vulnerability in the SPDY/3 protocol implementation was disclosed.
Linuxsecurity
2026-05-28
CVE-2026-9804 published
Symlink escape vulnerability allows attackers to read sensitive files from the exporter pod.
Linuxsecurity
2026-07-07
SUSE KubeVirt update released
An update was issued to address multiple vulnerabilities including CVE-2026-9804, CVE-2025-14525, and CVE-2026-35469.
Linuxsecurity
2026-07-08
Second SUSE KubeVirt update released
A follow-up advisory confirmed the importance of addressing the denial of service threat and other vulnerabilities.
Linuxsecurity

Community

Browse all →