CVE-2026-27211
Arbitrary File Exfiltration via Virtio-Block in Cloud Hypervisor
Publication date: 2026-02-21
Last updated on: 2026-02-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cloudhypervisor | cloud_hypervisor | From 34.0 (inc) to 50.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-27211 is a critical vulnerability in Cloud Hypervisor versions 34.0 through 50.0 that allows a malicious guest virtual machine to exfiltrate arbitrary host files. This happens when virtio-block devices use backing images, especially QCOW2 files. The guest can overwrite its disk header with a crafted QCOW2 structure that points to sensitive host file paths. When the VM reboots or the disk is scanned, Cloud Hypervisor's image format auto-detection parses this header and exposes the host file contents to the guest."}, {'type': 'paragraph', 'content': 'The attack can be triggered solely by guest-initiated VM reboots without requiring interaction from the management stack. Successful exploitation requires the backing image to be writable by the guest or sourced from an untrusted origin. Deployments using only trusted, read-only images are not vulnerable.'}, {'type': 'paragraph', 'content': 'The vulnerability stems from improper handling of backing files in disk images, allowing external control of file paths (CWE-73). It was escalated in severity due to commits enabling raw backing file support and removing minimum file size constraints, allowing exfiltration of any host file, including small sensitive files.'}] [4]
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary host file exfiltration from the host system to a malicious guest VM. An attacker controlling the guest VM can access sensitive host files by crafting disk headers that point to those files.
The impact is significant because the attack requires no privileges, no user interaction, and can be performed remotely by the guest VM. It can compromise confidentiality by exposing sensitive host data, and also affect integrity and availability due to the high CVSS score of 9.1.
The attack is constrained by the Cloud Hypervisor process privileges, but if those privileges are high, the attacker can access critical host files such as SSH keys or password fragments.
Mitigations include upgrading to patched versions (50.1 or later), enabling Landlock sandboxing, restricting process privileges, using read-only trusted images, and applying strict filesystem permissions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if your Cloud Hypervisor deployment is running a vulnerable version (v34.0 through v50.0) and if virtio-block devices are using writable backing images, especially QCOW2 images with backing files.
Since the vulnerability is triggered by guest-initiated VM reboots or disk scans that parse crafted QCOW2 headers, monitoring VM reboot events and inspecting disk image configurations for backing files can help detect potential exploitation attempts.
Commands to check the Cloud Hypervisor version and disk image configurations might include:
- Check Cloud Hypervisor version: `cloud-hypervisor --version` or check the running process version.
- Inspect VM disk configurations for backing files usage, for example by reviewing VM launch parameters or configuration files for `backing_files=on` or QCOW2 images referencing backing files.
- Monitor VM reboot logs to detect frequent or suspicious guest-initiated reboots.
No explicit detection commands are provided in the resources, but focusing on version checks, disk image configurations, and VM reboot activity is recommended.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Cloud Hypervisor to version 50.1 or later, where the vulnerability is fixed.
- Upgrade to Cloud Hypervisor v50.1 or v51.0, which introduce explicit control over backing files with the `backing_files=on|off` option, defaulting to `off` to disable backing files.
- Specify the image type explicitly to avoid reliance on format autodetection.
- Prevent writes to sector zero on autodetected raw images to avoid exploitation via crafted disk headers.
- Enable Landlock sandboxing to restrict process privileges and file access.
- Run Cloud Hypervisor as an unprivileged user and apply strict filesystem permissions.
- Use containerization and enforce read-only mounts for host resources exposed to guests.