CVE-2026-41326: Arbitrary File Overwrite in Kata Containers via CopyFile API Symlink Subversion
Vulnerability ID: CVE-2026-41326
CVSS Score: 8.2
Published: 2026-05-04
Kata Containers versions 3.4.0 through 3.28.0 contain a vulnerability in the CopyFile API policy enforcement mechanism. The Kata Agent's policy engine failed to validate the target path of symbolic links, allowing an attacker on the host to overwrite arbitrary files inside the guest VM. This flaw enables privilege escalation and data exfiltration, compromising the isolation boundary of Confidential Virtual Machines.
TL;DR
An authorization bypass in Kata Containers allows host-level attackers to overwrite sensitive guest files via symlink subversion in the CopyFile API.
Technical Details
- CWE ID: CWE-61
- Attack Vector: Local
- CVSS v4.0 Score: 8.2
- EPSS Score: 0.00019
- Exploit Status: None
- KEV Status: Not Listed
Affected Systems
- Kata Containers kata-agent
- Kata Containers genpolicy
- kata-containers: >= 3.4.0, < 3.29.0 (Fixed in: 3.29.0)
Code Analysis
Commit: 1b9e49e
Fix copy-file subversion by normalizing data structure and adding Rego policy enforcement for symlinks.
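The kind of check the fix description points at, deciding where a symlink would resolve before it is created, can be sketched as follows. This is an added example, not code from the Kata Containers commit; it is written in Rust rather than Rego, and `CopyRequest`, `is_allowed` and the `/run/example/shared` root are hypothetical names and values.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical, simplified copy-file request (not the kata-agent's own type).
pub struct CopyRequest<'a> {
    pub path: &'a str,                   // where the entry is created in the guest
    pub symlink_target: Option<&'a str>, // Some(target) when the entry is a symlink
}

/// Lexically resolve `.` and `..` from `/`; None if the path climbs above the root.
fn normalize(p: &Path) -> Option<PathBuf> {
    let mut out = PathBuf::from("/");
    for c in p.components() {
        match c {
            Component::RootDir | Component::CurDir => {}
            Component::ParentDir => {
                if !out.pop() {
                    return None;
                }
            }
            Component::Normal(s) => out.push(s),
            Component::Prefix(_) => return None,
        }
    }
    Some(out)
}

/// Allow the request only if the destination and, for symlinks, the resolved
/// link target both stay under `allowed_root` (a constructed value here).
pub fn is_allowed(req: &CopyRequest<'_>, allowed_root: &str) -> bool {
    let root = Path::new(allowed_root);
    let raw = Path::new(req.path);
    let dest = match normalize(raw) {
        Some(p) if raw.is_absolute() && p.starts_with(root) => p,
        _ => return false,
    };
    match req.symlink_target {
        None => true,
        Some(target) => {
            // A relative target resolves against the link's own directory;
            // join() with an absolute target discards the base entirely.
            let base = dest.parent().unwrap_or(Path::new("/"));
            matches!(normalize(&base.join(target)), Some(p) if p.starts_with(root))
        }
    }
}

fn main() {
    let req = CopyRequest { path: "/run/example/shared/a/link", symlink_target: Some("../../../../etc/example.conf") };
    println!("allowed: {}", is_allowed(&req, "/run/example/shared"));
}
```

The check is purely lexical: it does not follow symlinks that already exist in the guest filesystem, so it complements rather than replaces safe file-creation handling in the component that writes the entry.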
Mitigation Strategies
- Upgrade Kata Containers to version 3.29.0 or later.
- Harden host-side socket permissions to prevent unauthorized access to the Kata Agent communication channels.
- Implement Mandatory Access Control (MAC) frameworks on the host to confine container orchestration utilities.
Remediation Steps:
- Identify all hosts running Kata Containers versions 3.4.0 through 3.28.0.
- Update the Kata Containers installation packages on the affected host systems.
- Rebuild or update the guest VM images to include the patched Kata Agent binary.
- Restart running instances to ensure they boot with the updated guest VM image and policy engine.