Kata Container has CopyFile Policy Subversion via Symlinks — CVE-2026-41326
GHSA · GitHub · CVE-2026-41326
ID
CVE-2026-41326
Date
Updated
Activity
Source
GHSA
Vendor
GitHub
Threat
high
CVSS
8.2
EPSS
0.00017
Summary
### Summary

An oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers, even those running inside CVMs.

### Details

Here is the policy that covers CopyFile requests.

```
CopyFileRequest if {
    print("CopyFileRequest: input.path…
```
Product
go: github.com/kata-containers/kata-containers
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.