A critical security vulnerability (CVE-2026-47243) was discovered in Kata Containers runtime-rs 3.30, allowing guest-to-host privilege escalation through virtiofs. The flaw enables attackers with root access in a guest VM to escape to the host system by exploiting improper symlink handling in virtiofsd. The issue has been patched in Kata Containers 3.31.0.
Background
Kata Containers is an open-source container runtime that runs containers inside lightweight virtual machines (VMs), offering stronger isolation than traditional container runtimes. The project is hosted by the Open Infrastructure Foundation and is used in production by various organizations for security-sensitive workloads.
- Source: Lobsters
- Published: May 22, 2026 at 04:41 AM
- Score: 9.0 / 10