CVE-2026-24834
Modified Modified - Updated After Analysis

Arbitrary Code Execution via Filesystem Vulnerability in Kata Containers

Vulnerability report for CVE-2026-24834, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-19

Last updated on: 2026-06-30

Assigner: GitHub, Inc.

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-19
Last Modified
2026-06-30
Generated
2026-07-06
AI Q&A
2026-02-19
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
katacontainers kata_containers to 3.27.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-281 The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Kata Containers versions prior to 3.27.0, specifically involving the Cloud Hypervisor component. It allows a user within a container to modify the file system used by the Guest micro VM. This modification can lead to arbitrary code execution with root privileges inside the Guest VM.

The issue arises because arm64 QEMU lacks NVDIMM read-only support, which means a guest write operation could affect the image file. This vulnerability does not impact the security of the Host system or other containers/VMs running on the same Host.

The problem is fixed in version 3.27.0 of Kata Containers.

Impact Analysis

If you are using a vulnerable version of Kata Containers (prior to 3.27.0), an attacker who has access to a container could exploit this vulnerability to gain arbitrary code execution as root inside the Guest micro VM.

This means the attacker could fully control the Guest VM, potentially compromising applications and data within that VM.

However, the vulnerability does not affect the Host system or other containers/VMs running on the same Host, limiting the scope of impact to the compromised Guest VM.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Kata Containers to version 3.27.0 or later, as this version patches the issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24834. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart