Linuxsecurity
SUSE KubeVirt Vulnerabilities Lead to Denial of Service Threats
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
SUSE KubeVirt 1.6 has been updated to address multiple vulnerabilities, including CVE-2026-9804, which allows symlink escape in the VMExport directory, enabling attackers to access sensitive files. CVE-2025-14525 poses a denial of service risk by allowing VMs to flood VMI status, potentially filling etcd. Additionally, CVE-2026-35469 involves resource exhaustion in the SPDY/3 protocol implementation. These vulnerabilities affect users of SUSE KubeVirt, with the potential for significant operational disruptions. Patches are available, and users are advised to update their systems promptly. The vulnerabilities were disclosed in July 2026, with the updates released shortly thereafter.
Key Points: • SUSE KubeVirt 1.6 vulnerabilities include CVE-2026-9804, CVE-2025-14525, and CVE-2026-35469. • CVE-2025-14525 can lead to denial of service by flooding VMI status with excessive guest interfaces. • Immediate patching is recommended to mitigate risks associated with these vulnerabilities.