CVE-2026-27211

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted QCOW2 structure pointing to a sensitive host path. Upon the next VM boot or disk scan, the image format auto-detection parses this header and serves the host file's contents to the guest. Guest-initiated VM reboots are sufficient to trigger a disk scan and do not cause the Cloud Hypervisor process to exit. Therefore, a single VM can perform this attack without needing interaction from the management stack. Successful exploitation requires the backing image to be either writable by the guest or sourced from an untrusted origin. Deployments utilizing only trusted, read-only images are not affected. This issue has been fixed in version 50.1. As a workaround, enable Landlock sandboxing and restrict process privileges and access.
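A host-side check for the condition described above, as an added example that is not Cloud Hypervisor's code: it flags an image the VM configuration treats as raw whose first bytes parse as a QCOW2 header, and reports any backing-file name that header references. The function name, verdict strings and command-line wrapper are assumptions made for illustration; the big-endian field layout (magic, version, backing_file_offset, backing_file_size) is that of the QCOW2 format.

```python
import io
import struct
import sys

QCOW2_MAGIC = b"QFI\xfb"
# Leading QCOW2 header fields, big-endian:
# magic (4), version (4), backing_file_offset (8), backing_file_size (4)
HEADER = struct.Struct(">4sIQI")
MAX_BACKING_NAME = 1023  # longest backing-file name the QCOW2 format allows


def inspect_raw_image(f):
    """Inspect a seekable binary file object for an image declared as raw.

    Returns (verdict, backing_name). verdict is "raw", "qcow2-header" or
    "qcow2-with-backing-file"; backing_name is the referenced path or None.
    """
    f.seek(0)
    head = f.read(HEADER.size)
    if len(head) < HEADER.size:
        return "raw", None
    magic, _version, backing_off, backing_len = HEADER.unpack(head)
    if magic != QCOW2_MAGIC:
        return "raw", None
    if backing_off == 0 or backing_len == 0:
        # Still suspicious for a raw image: format auto-detection would
        # treat it as QCOW2, but no other file is referenced.
        return "qcow2-header", None
    size = f.seek(0, io.SEEK_END)
    name = None
    if backing_off < size:  # never seek to an offset outside the image
        f.seek(backing_off)
        raw_name = f.read(min(backing_len, MAX_BACKING_NAME))
        name = raw_name.decode("utf-8", "replace")
    return "qcow2-with-backing-file", name


if __name__ == "__main__":
    # Usage: python check_raw_images.py IMAGE [IMAGE ...]
    status = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as image:
            verdict, backing = inspect_raw_image(image)
        if verdict != "raw":
            status = 1
        print(f"{path}: {verdict}" + (f" -> {backing!r}" if backing else ""))
    sys.exit(status)
```

Run it against guest-writable images while the VM is stopped; any verdict other than `raw` on an image declared raw is a reason not to boot it on an unpatched version.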
Configurations

Configuration 1

cpe:2.3:a:cloudhypervisor:cloud_hypervisor:*:*:*:*:*:rust:*:*

History

24 Feb 2026, 17:08

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Cloudhypervisor cloud Hypervisor; Cloudhypervisor |
| CPE | | cpe:2.3:a:cloudhypervisor:cloud_hypervisor:*:*:*:*:*:rust:*:* |
| References | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/081a6ebb5184228ff348601502258f3f72bd8b43 | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/081a6ebb5184228ff348601502258f3f72bd8b43 - Patch |
| References | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/509832298b6865365b00bda88722e76e41ce7f41 | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/509832298b6865365b00bda88722e76e41ce7f41 - Patch |
| References | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/a63315df54e06f6ec867f17b63076c266e2d8648 | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/a63315df54e06f6ec867f17b63076c266e2d8648 - Patch |
| References | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/cb495959a8bea1b56e8fc82d15ba527a0e7fcf3c | https://github.com/cloud-hypervisor/cloud-hypervisor/commit/cb495959a8bea1b56e8fc82d15ba527a0e7fcf3c - Patch |
| References | https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v50.1 | https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v50.1 - Product, Release Notes |
| References | https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.0 | https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.0 - Product, Release Notes |
| References | https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-jmr4-g2hv-mjj6 | https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-jmr4-g2hv-mjj6 - Mitigation, Vendor Advisory |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 10.0 |
| Summary | | (es) Spanish translation of the description above |

21 Feb 2026, 06:17

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2026-02-21 06:17

Updated : 2026-02-24 17:08


NVD link : CVE-2026-27211

Mitre link : CVE-2026-27211

CVE.ORG link : CVE-2026-27211


Products Affected

cloudhypervisor

  • cloud_hypervisor
CWE
CWE-73

External Control of File Name or Path