CVE-2026-24834HIGH 8.8EPSS p12.9%

CVE-2026-24834CVE-2026-24834

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS0.22% probability of exploitation · percentile 12.9% · 2026-06-19T12:03:05Z
Published2026-02-19
Last modified2026-02-23

Underlying weaknesses· 1

CWE-732

References

  1. https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf
  2. https://github.com/kata-containers/kata-containers/releases/tag/3.27.0
  3. https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6-vghv-5p64

1

TypeTargetConfidenceTier
WeaknessIncorrect Permission Assignment for Critical Resourcecwe-7320%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-41326
CVE
CVE-2026-24054
CVE
CVE-2026-34177
CVE
CVE-2026-27211
CVE
CVE-2026-24120
CVE
CVE-2026-44009
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.