Nixpkgs security tracker

Untriaged

Permalink CVE-2026-6383

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 weeks ago Activity log

Created suggestion 2 weeks ago

Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

References

https://access.redhat.com/security/cve/CVE-2026-6383 vdb-entryx_refsource_REDHAT
RHBZ#2458741 issue-trackingx_refsource_REDHAT

Affected products

kubevirt

Matching in nixpkgs

pkgs.kubevirt

Client tool to use advanced features such as console access

nixos-unstable 1.8.1
- nixpkgs-unstable 1.8.1
- nixos-unstable-small 1.8.1
nixos-25.11 1.6.3
- nixos-25.11-small 1.6.3
- nixpkgs-25.11-darwin 1.6.3

Package maintainers

@johanot Johan Thomsen <write@ownrisk.dk>
@haslersn Sebastian Hasler <haslersn@fius.informatik.uni-stuttgart.de>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.kubevirt

Package maintainers