🟠 High  |  Source: Microsoft Security Response Center

CVE-2026-13218 is a symlink-following vulnerability in KubeVirt’s virt-launcher component. The writeToCachedFile routine follows symbolic links when it writes its cached file, so a malicious or compromised virtual machine workload that can plant a symlink where that file is expected can redirect the write to an arbitrary path and overwrite files on the underlying host node. This is a container/VM escape-class issue: the isolation boundary between a virtualised workload and the host is broken. The impact is significant in multi-tenant Kubernetes environments where KubeVirt runs VMs alongside containerised workloads on shared nodes.
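To make the bug class concrete, the following Go program is an added example written for this page; it is not KubeVirt’s code and does not reproduce writeToCachedFile. The functions naiveWrite, hardenedWrite and demo, and the directory layout they build in a temporary directory, are all hypothetical and constructed here. The naive writer opens whatever the path resolves to; the hardened writer opens with O_NOFOLLOW so that a symlink at the final path component makes the open fail with ELOOP before anything is truncated or written.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// naiveWrite is a stand-in for a cache writer that follows symlinks (hypothetical,
// not KubeVirt code). If a guest-controlled directory has swapped the expected
// cache file for a symlink, the write lands on the symlink's target.
func naiveWrite(path string, data []byte) error {
	return os.WriteFile(path, data, 0o600)
}

// hardenedWrite refuses to follow a symlink at the final path component.
// O_NOFOLLOW (Linux/Unix) makes open(2) fail with ELOOP when `path` itself is
// a symlink, so no truncation happens. It then confirms it holds a regular file.
func hardenedWrite(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC|syscall.O_NOFOLLOW, 0o600)
	if err != nil {
		return fmt.Errorf("refusing to open %s: %w", path, err)
	}
	defer f.Close()
	fi, err := f.Stat()
	if err != nil {
		return err
	}
	if !fi.Mode().IsRegular() {
		return fmt.Errorf("%s is not a regular file", path)
	}
	_, err = f.Write(data)
	return err
}

// outcome records what each writer did to the "host" file in the constructed scenario.
type outcome struct {
	NaiveOverwroteHost    bool // naive writer followed the symlink and clobbered the host file
	HardenedRefused       bool // hardened writer failed with ELOOP
	HostIntactAfterHarden bool // host file unchanged after the hardened attempt
}

// demo constructs the scenario in a temp dir: a host file that must stay intact and
// a guest-controlled cache path that is actually a symlink pointing at it.
func demo() (outcome, error) {
	dir, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return outcome{}, err
	}
	defer os.RemoveAll(dir)

	hostFile := filepath.Join(dir, "host-config")
	const original = "original host content\n"
	if err := os.WriteFile(hostFile, []byte(original), 0o600); err != nil {
		return outcome{}, err
	}
	cacheDir := filepath.Join(dir, "guest-cache")
	if err := os.Mkdir(cacheDir, 0o700); err != nil {
		return outcome{}, err
	}
	// The "guest" replaces the expected cache file with a symlink to the host file.
	cachePath := filepath.Join(cacheDir, "cached-file")
	if err := os.Symlink(hostFile, cachePath); err != nil {
		return outcome{}, err
	}

	var out outcome
	payload := []byte("attacker payload\n")

	_ = naiveWrite(cachePath, payload)
	got, _ := os.ReadFile(hostFile)
	out.NaiveOverwroteHost = string(got) != original

	// Restore the host file, then try the hardened writer against the same symlink.
	if err := os.WriteFile(hostFile, []byte(original), 0o600); err != nil {
		return outcome{}, err
	}
	err = hardenedWrite(cachePath, payload)
	out.HardenedRefused = errors.Is(err, syscall.ELOOP)
	got, _ = os.ReadFile(hostFile)
	out.HostIntactAfterHarden = string(got) == original
	return out, nil
}

func main() {
	out, err := demo()
	if err != nil {
		fmt.Println("setup failed:", err)
		os.Exit(1)
	}
	fmt.Printf("%+v\n", out)
}
```

O_NOFOLLOW only guards the last path component; a symlink substituted for a parent directory is still followed. When the base directory is trusted but its contents are not, resolve relative to an already-open directory descriptor instead (Go 1.24’s os.Root, or openat2 with RESOLVE_NO_SYMLINKS / RESOLVE_BENEATH on Linux 5.6+), and never let a workload choose the path that privileged code writes to.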

Security Architect’s Take: Inventory any AKS or other Azure-hosted Kubernetes clusters running KubeVirt and apply the fixed KubeVirt release as soon as it is available. In the interim, keep virt-launcher pods to the minimum privilege they need by enforcing PodSecurity admission policies in the namespaces where they run, and make sure node-level file integrity monitoring is in place so that unexpected writes to host paths originating from virt-launcher are detected rather than discovered after the fact.

Original advisory: CVE-2026-13218 KubeVirt: kubevirt: symlink following in writeToCachedFile allows host file overwrite from virt-launcher