Back to VulnFeed / CVE-2026-9804
root@hackertop:~/vulnfeed/CVE-2026-9804#
CVE-2026-9804 MEDIUM CVE ⚠ Unpatched · Zero-day◉ PoC 公开 Lifecycle 4/7

KubeVirt virt-exportserver link following

KubeVirt 2026-05-28 Impact pending confirmation
LIFECYCLE
6.0 CVSS
Vulnerability Detail Mitigation Lifecycle CVSS Assessment
Vulnerability Description
A vulnerability was found in KubeVirt (the affected version unknown). It has been classified as critical. This affects an unknown part of the component virt-exportserver. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Root Cause Analysis
CWE is classifying the issue as CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Impact: This is going to have an impact on confidentiality.

Countermeasure: There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

Contribute Your PoC/EXP
Log in to contribute PoC/EXP content. Log in
Back to VulnFeed
CVE-2026-9804 · CVSS 6.0 · Active Threat