1. Home
  2. CVE Database
  3. CVE-2026-13322
LOW · 3.8

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is r...

Vulnerability Description

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.

CVSS Score

3.8

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Related Weaknesses (CWE)

CWE-770

References

FAQ

What is CVE-2026-13322?

CVE-2026-13322 is a vulnerability with a CVSS score of 3.8 (LOW). A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is r...

How severe is CVE-2026-13322?

CVE-2026-13322 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-13322?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.