CVE-2026-6383

Published: Apr 15, 2026Modified: Apr 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: secalert@redhat.com

Description

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://access.redhat.com/security/cve/CVE-2026-6383

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2458741

Source: secalert@redhat.com

Timeline

No history available yet.