Medium6.4Red Hat Linux Updated
SSRF in virt-api port-forward via unvalidated guest-agent-reported IP
CVE-2026-13318 Published Jun 25, 2026Updated by vendor Jun 25, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
SSRF in virt-api port-forward via unvalidated guest-agent-reported IP. Red Hat rates this moderate (CVSS 6.4). Weakness: CWE-918.
Mitigation checklist
Recommended fix / mitigation
- Users who do not use bridge binding or secondary-only network interfaces for their VMs are not affected by this vulnerability. For environments using these configurations, cluster administrators can apply egress NetworkPolicy to the openshift-cnv namespace to restrict virt-api's outbound connections to known-legitimate destinations (launcher pod CIDRs and node IPs), which blocks the SSRF to arbitrary targets.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.