Description
A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it directly to net.Dial() without validation. For VMIs using non-masquerade network bindings (bridge or secondary-only), this IP is reported by the QEMU guest agent running inside the VM and is fully controllable by the VM owner. An attacker with kubevirt.io:edit permissions can create a VM with a modified guest agent that reports an arbitrary IP address, then request port-forward to establish a bidirectional TCP tunnel from virt-api's cluster-internal network position to any routable destination, bypassing NetworkPolicy isolation.
Published: 2026-06-25
Score: 6.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

flaw exists in the KubeVirt virt‑api port‑forward handler. The API reads the target IP directly from the first VM interface reported by the QEMU guest agent and passes it to net.Dial() without validation. When a VirtualMachineInstance uses a bridge or secondary‑only network binding, this IP is fully controlled by the VM owner. An attacker with kubevirt.io:edit privileges can therefore create a VM whose guest agent reports an arbitrary IP and then issue a port‑forward request, establishing a bidirectional TCP tunnel from the cluster’s internal network to any routable destination.

Affected Systems

The vulnerability affects Red Hat OpenShift. No specific version range is listed in the advisory, so any release that incorporates this code path may be impacted until a patched version is deployed.

Risk and Exploitability

The CVSS score of 6.4 indicates moderate severity; EPSS is not available and the issue is not listed in CISA’s KEV catalog. Exploitation requires the ability to create or modify a VMI with edit permissions, which is typically limited to certain administrators. The attacker can bypass cluster NetworkPolicy isolation and reach arbitrary external IPs from within the cluster, potentially facilitating further lateral movement or data exfiltration. The risk is elevated in environments that use bridge or secondary‑only networking for VMs and where privileged VMI creation is broadly allowed.

Generated by OpenCVE AI on June 26, 2026 at 00:21 UTC.

Remediation

Vendor Workaround

Users who do not use bridge binding or secondary-only network interfaces for their VMs are not affected by this vulnerability. For environments using these configurations, cluster administrators can apply egress NetworkPolicy to the openshift-cnv namespace to restrict virt-api's outbound connections to known-legitimate destinations (launcher pod CIDRs and node IPs), which blocks the SSRF to arbitrary targets.

OpenCVE Recommended Actions

  • Apply the latest Red Hat security update for Red Hat OpenShift Virtualization 4 that contains the fix for CVE‑2026‑13318.
  • If an upgrade is not immediately possible, create an egress NetworkPolicy on the openshift‑cnv namespace that restricts virt‑api outbound connections to only the launcher pod CIDRs and node IP addresses, thereby blocking the SSRF path to arbitrary destinations.
  • Limit the kubevirt.io:edit role to the minimal set of users required to create or modify VMIs, ensuring that only trusted personnel can control guest agent reports.

Generated by OpenCVE AI on June 26, 2026 at 00:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 25 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it directly to net.Dial() without validation. For VMIs using non-masquerade network bindings (bridge or secondary-only), this IP is reported by the QEMU guest agent running inside the VM and is fully controllable by the VM owner. An attacker with kubevirt.io:edit permissions can create a VM with a modified guest agent that reports an arbitrary IP address, then request port-forward to establish a bidirectional TCP tunnel from virt-api's cluster-internal network position to any routable destination, bypassing NetworkPolicy isolation.
Title Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
First Time appeared Redhat
Redhat container Native Virtualization
Weaknesses CWE-918
CPEs cpe:/a:redhat:container_native_virtualization:4
Vendors & Products Redhat
Redhat container Native Virtualization
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

Redhat Container Native Virtualization
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-25T23:23:38.121Z

Reserved: 2026-06-25T08:05:05.093Z

Link: CVE-2026-13318

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-13318 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T00:30:17Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)