Vulnerability Description
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM, ultimately achieving arbitrary code execution as root in said VM. The current understanding is that this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: it is believed that until upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Katacontainers | Kata Containers | < 3.27.0 |
Related Weaknesses (CWE)
References
- https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e (Patch)
- https://github.com/kata-containers/kata-containers/releases/tag/3.27.0 (Product, Release Notes)
- https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6 (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-24834?
CVE-2026-24834 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with C...
How severe is CVE-2026-24834?
CVE-2026-24834 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-24834?
Check the references section above for vendor advisories and patch information. Affected products include: Katacontainers Kata Containers.