Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

INFO

Published Date :

2026-02-19T15:57:50.691Z

Last Modified :

2026-02-26T14:44:14.454Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24834 vulnerability.

Vendors Products
Katacontainers
  • Kata-containers
  • Kata Containers
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24834.

URL Resource
https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf cve-icon cve-icon cve-icon
https://github.com/kata-containers/kata-containers/releases/tag/3.27.0 cve-icon cve-icon cve-icon
https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6-vghv-5p64 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-24834 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-24834 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact