CVE-2026-6383

ADVISORY - github

Summary

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

EPSS Score⁠: 0.00033 (0.096)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-863⁠

Incorrect Authorization

ADVISORY - github

CWE-863⁠

Incorrect Authorization

ADVISORY - redhat

CWE-863⁠

Incorrect Authorization

Impacted images

Advisories

NIST

CREATED

21 days ago

UPDATED

20 days ago

ADVISORY IDCVE-2026-6383⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.4medium

GitHub

CREATED

21 days ago

UPDATED

20 days ago

ADVISORY IDGHSA-j6cv-3w8p-vrg8⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.4medium

Red Hat

CREATED

22 days ago

UPDATED

21 days ago

ADVISORY IDCVE-2026-6383⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.4medium

Chainguard

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

CGA-jrpp-vmhp-pxjp

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY