CVE-2026-9804
Published: 28 May 2026
Summary
CVE-2026-9804 is a high-severity Link Following (CWE-59) vulnerability. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 7.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal via symlink directly enables reading arbitrary files from the pod filesystem, mapping to T1005 Data from Local System for information disclosure.
NVD Description
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that…
more
points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)
- OWASP Top 10 Web 2025
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-32748