CVE-2026-24834
Arbitrary Code Execution via Filesystem Vulnerability in Kata Containers

Publication date: 2026-02-19

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM, ultimately achieving arbitrary code execution as root in that VM. The current understanding is that this doesn't impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: it is believed that until upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.
Meta Information
Published: 2026-02-19
Last Modified: 2026-02-23
Generated: 2026-05-27
AI Q&A: 2026-02-19
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 1 associated CPE
Vendor: katacontainers
Product: kata_containers
Version / Range: up to 3.27.0 (exclusive)
CWE ID: CWE-732
Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Kata Containers versions prior to 3.27.0 when Kata is used with Cloud Hypervisor. It allows a user within a container to modify the file system used by the Guest micro VM. This modification can lead to arbitrary code execution with root privileges inside the Guest VM.

The description also notes that arm64 QEMU lacks NVDIMM read-only support, so until upstream QEMU gains this capability, a guest write is believed to be able to reach the image file. The current understanding is that the vulnerability does not impact the security of the Host system or of other containers/VMs running on the same Host.

The problem is fixed in version 3.27.0 of Kata Containers.


How can this vulnerability impact me?

If you are using a vulnerable version of Kata Containers (prior to 3.27.0), an attacker who has access to a container could exploit this vulnerability to gain arbitrary code execution as root inside the Guest micro VM.

This means the attacker could fully control the Guest VM, potentially compromising applications and data within that VM.

However, according to the current understanding, the vulnerability does not affect the Host system or other containers/VMs running on the same Host, limiting the scope of impact to the compromised Guest VM.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade Kata Containers to version 3.27.0 or later, as this version patches the issue.

