cvedb.io
CVE-2026-27211
CRITICAL · CVSS 10
EPSS exploitation probability: 0%
Published 2026-02-21T06:17:01.253 · Last modified 2026-06-17T10:26:51.150

Summary

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted QCOW2 structure pointing to a sensitive host path. Upon the next VM boot or disk scan, the image format auto-detection parses this header and serves the host file's contents to the guest. Guest-initiated VM reboots are sufficient to trigger a disk scan and do not cause the Cloud Hypervisor process to exit. Therefore, a single VM can perform this attack without needing interaction from the management stack. Successful exploitation requires the backing image to be either writable by the guest or sour

Affected products

cloudhypervisor — cloud_hypervisor

Does this affect you?

Add your gear to cvedb and we'll alert you only when cloudhypervisor ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.