Description
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or sanitization. The only admission check rejects empty strings; no DNS-1123 format validation, JSON detection, or special character rejection is performed. When the ExternalNetResourceInjection Beta feature gate is enabled (off by default, cluster-admin only), the NAD lookup that would otherwise catch malformed names is skipped by design. A tenant with kubevirt.io:edit permissions can inject a JSON-formatted NetworkSelectionElement array specifying an arbitrary namespace, NAD name, static IP address, and MAC address. Multus on the node parses this JSON and attaches the launcher pod to the specified network attachment in any namespace, enabling cross-namespace network access and IP/MAC impersonation on network segments normally segregated from tenant workloads. The ExternalNetResourceInjection feature gate was introduced in KubeVirt v1.8.0 (first shipped in OpenShift Virtualization 4.21).
Published: 2026-06-26
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in KubeVirt’s network annotation generator allows a tenant with kubevirt.io:edit permissions to inject unvalidated networkName values into a VirtualMachineInstance’s launcher pod. When the ExternalNetResourceInjection feature gate is enabled, the plugin skips the standard NAD validation, and the attacker can supply a JSON NetworkSelectionElement array that specifies any namespace, network attachment, static IP, and MAC address. This results in the launcher pod being attached to arbitrary networks across namespaces, enabling cross‑namespace connectivity and IP/MAC impersonation on normally isolated network segments.

Affected Systems

Red Hat OpenShift Virtualization 4 is affected, specifically the KubeVirt component starting with version 1.8.0 (first shipped in OpenShift Virtualization 4.21). Any cluster that has enabled the ExternalNetResourceInjection Beta feature gate is vulnerable, regardless of the specific OpenShift Virtualization minor version. The vulnerability directly impacts tenants that can create or modify VirtualMachineInstances with Multus network configurations.

Risk and Exploitability

The CVSS score is 4.9, indicating a medium confidentiality impact when the feature gate is enabled. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires cluster‑admin access to enable the feature gate and tenant permissions to edit kubevirt resources. The attack is less likely to succeed by default because the gate is off and is restricted to cluster‑admins, but once enabled, the path to compromise is straightforward and does not require additional privilege escalation. Consequently, organizations should treat the risk as moderate but mitigate promptly if the feature is required for operational reasons.

Generated by OpenCVE AI on June 26, 2026 at 18:02 UTC.

Remediation

Vendor Workaround

If the ExternalNetResourceInjection feature gate has been enabled, disable it by removing it from the HyperConverged CR's spec.featureGates configuration. This restores the NAD lookup that blocks malformed network names. If the feature gate is required for operational reasons, restrict kubevirt.io:edit permissions to trusted users only and enforce NetworkPolicy on sensitive network segments to limit lateral movement from unauthorized attachments.


OpenCVE Recommended Actions

  • Disable the ExternalNetResourceInjection feature gate by removing it from the HyperConverged Custom Resource’s spec.featureGates configuration.
  • If disabling is not feasible, restrict kubevirt.io:edit permissions to a trusted set of users to prevent unauthorized NetworkSelectionElement injection, and enforce NetworkPolicy rules on sensitive network segments to limit lateral movement.
  • Regularly audit launched pods for unexpected v1.multus-cni.io/default-network annotations and verify that assigned networks match tenant namespaces.
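The last point above can be scripted. The following is an added example (not KubeVirt, Multus or OpenCVE code) that walks a pod list in the shape `kubectl get pods -A -o json` returns and flags launcher pods whose `v1.multus-cni.io/default-network` annotation is JSON rather than a plain name, is not a valid DNS-1123 subdomain, or names a network attachment in a namespace other than the pod's own. The sample pod list is constructed for this example; the assumption that the annotation accepts the same comma-separated, optionally namespace-qualified syntax as `k8s.v1.cni.cncf.io/networks` is noted in the code.

```python
"""Audit launcher pods for suspicious Multus default-network annotations.

Added example, not KubeVirt/Multus/OpenCVE code. Feed it the JSON from
`kubectl get pods -A -o json`; the SAMPLE_POD_LIST below is constructed.
"""
import json
import re
import sys

ANNOTATION = "v1.multus-cni.io/default-network"

# DNS-1123 subdomain: lowercase alphanumerics, '-' and '.', each label starting
# and ending with an alphanumeric. Anything else is not a plain NAD name.
DNS1123_SUBDOMAIN = re.compile(
    r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
)


def referenced_attachments(value):
    """Return [(namespace_or_None, name, is_json)] for one annotation value.

    A value starting with '[' or '{' is treated as a NetworkSelectionElement
    JSON payload (the form the advisory describes). Otherwise the value is
    assumed (not verified against Multus source here) to use the same plain
    syntax as k8s.v1.cni.cncf.io/networks: comma-separated names, optionally
    '<namespace>/<name>', optionally with an '@<iface>' suffix.
    """
    value = value.strip()
    if value.startswith(("[", "{")):
        try:
            parsed = json.loads(value)
        except ValueError:
            return [(None, value, True)]  # looks like JSON but does not parse
        items = parsed if isinstance(parsed, list) else [parsed]
        return [
            (item.get("namespace"), item.get("name", ""), True)
            if isinstance(item, dict) else (None, str(item), True)
            for item in items
        ]
    refs = []
    for part in value.split(","):
        part = part.strip().split("@", 1)[0]
        if "/" in part:
            ns, name = part.split("/", 1)
            refs.append((ns, name, False))
        else:
            refs.append((None, part, False))
    return refs


def audit_pod(pod):
    """Return a list of finding strings for one pod; an empty list means clean."""
    meta = pod.get("metadata", {})
    ns, name = meta.get("namespace", ""), meta.get("name", "")
    ann = meta.get("annotations") or {}
    if ANNOTATION not in ann:
        return []
    findings = []
    for ref_ns, ref_name, is_json in referenced_attachments(ann[ANNOTATION]):
        if is_json:
            findings.append(f"{ns}/{name}: {ANNOTATION} is JSON, expected a plain NAD name")
        if ref_ns not in (None, ns):
            findings.append(f"{ns}/{name}: references NAD {ref_ns}/{ref_name} outside the pod namespace")
        if not DNS1123_SUBDOMAIN.match(ref_name):
            findings.append(f"{ns}/{name}: NAD name {ref_name!r} is not a DNS-1123 subdomain")
    return findings


def audit_pod_list(pod_list):
    """Audit every item of a kubectl-style pod list and collect the findings."""
    findings = []
    for pod in pod_list.get("items", []):
        findings.extend(audit_pod(pod))
    return findings


# Constructed sample: two clean launcher pods, one with a JSON payload that
# points at a NAD in another namespace, and one unrelated pod.
SAMPLE_POD_LIST = {
    "items": [
        {"metadata": {"namespace": "tenant-a", "name": "virt-launcher-vm1-abcde",
                      "annotations": {ANNOTATION: "tenant-a-net"}}},
        {"metadata": {"namespace": "tenant-a", "name": "virt-launcher-vm2-fghij",
                      "annotations": {ANNOTATION: "tenant-a/tenant-a-net"}}},
        {"metadata": {"namespace": "tenant-a", "name": "virt-launcher-vm3-klmno",
                      "annotations": {ANNOTATION: json.dumps(
                          [{"namespace": "infra", "name": "mgmt-net"}])}}},
        {"metadata": {"namespace": "tenant-b", "name": "other-pod", "annotations": {}}},
    ]
}

if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python audit_default_network.py
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_POD_LIST
    for line in audit_pod_list(data):
        print(line)
```

Run it against a live cluster by piping `kubectl get pods -A -o json` into it; with no input it audits the built-in sample and reports the third pod twice (JSON-formatted value, and a NAD outside the pod's namespace). A plain name that simply does not exist as a NAD in the tenant namespace is not flagged here; cross-checking each name against existing NetworkAttachmentDefinitions is a natural extension.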



Advisories

No advisories yet.

History

Sat, 27 Jun 2026 03:30:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 27 Jun 2026 00:15:00 +0000

Type: References
Type: Metrics (threat_severity); Values Removed: None; Values Added: Moderate


Fri, 26 Jun 2026 16:45:00 +0000

Type: Description; Values Added: the description shown at the top of this page
Type: Title; Values Added: Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled
Type: First Time appeared; Values Added: Redhat, Redhat container Native Virtualization
Type: Weaknesses; Values Added: CWE-20
Type: CPEs; Values Added: cpe:/a:redhat:container_native_virtualization:4
Type: Vendors & Products; Values Added: Redhat, Redhat container Native Virtualization
Type: References
Type: Metrics (cvssV3_1); Values Added: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}


Subscriptions

Redhat Container Native Virtualization
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-27T02:38:21.356Z

Reserved: 2026-06-26T14:59:17.292Z

Link: CVE-2026-13434

Vulnrichment

Updated: 2026-06-27T02:38:17.251Z

NVD

No data.

Redhat

Severity : Moderate

Public Date: 2026-06-26T00:00:00Z

Links: CVE-2026-13434 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T18:15:04Z

Weaknesses
  • CWE-20

    Improper Input Validation