CVE-2026-47243: Kata Containers guest escape: runtime-rs guest root to host root via virtiofs
In the runtime-rs standalone virtio-fs path (verified with QEMU and also with Cloud Hypervisor), Kata Containers launches the host-side virtiofsd as root with:
--sandbox none --seccomp none
An attacker with root-equivalent execution inside the Kata guest VM can send raw FUSE requests directly to the host virtiofsd over the virtio-fs device. Because the daemon runs without a sandbox (no mount namespace or chroot confining it to the shared directory) and without a seccomp filter, a raw FUSE_SYMLINK request whose new-name field is an absolute host path is honored as-is in the tested runtime-rs configuration: the symlink is created at that host path, outside the virtio-fs shared directory.
This lets guest root create root-owned symlinks at sensitive host paths. The PoC creates symlinks in the host's /etc/cron.d directory, causing host cron to execute a guest-controlled payload as host root.
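The root cause is a property of symlinkat(2): when the new name is an absolute path, the kernel ignores the parent directory descriptor entirely, so a daemon that is not confined to the shared directory by a namespace or chroot will write wherever the guest says. The following is an added example, not code from Kata Containers or virtiofsd: a passthrough daemon's FUSE_SYMLINK handler is modelled by a single os.symlink(..., dir_fd=...) call, two temporary directories stand in for the virtio-fs shared directory and for a sensitive host path like /etc/cron.d, and the constructed crontab line is the stand-in payload. The single-path-component check in is_safe_fuse_name is the guard a hardened server would apply to every FUSE name field; it is this example's illustration, not the upstream fix.

```python
"""Model of an unsandboxed FUSE_SYMLINK passthrough and the name check that
stops an absolute new-name from escaping the shared directory.

Added example, not code from Kata Containers or virtiofsd. Directories and
the crontab payload below are constructed stand-ins."""
import os
import tempfile


def is_safe_fuse_name(name: bytes) -> bool:
    """A FUSE `name` field (FUSE_SYMLINK, FUSE_MKDIR, FUSE_CREATE, ...) names
    one entry inside the parent inode's directory, so it must be a single path
    component: non-empty, no NUL, no '/', and not '.' or '..'."""
    return (
        bool(name)
        and b"\x00" not in name
        and b"/" not in name
        and name not in (b".", b"..")
    )


def passthrough_symlink(parent_fd: int, link_target: bytes, name: bytes,
                        validate_name: bool) -> None:
    """Server side of FUSE_SYMLINK in a passthrough daemon, reduced to
    symlinkat(link_target, parent_fd, name). If `name` is absolute the kernel
    ignores parent_fd; a mount-namespace or chroot sandbox would make '/' mean
    the shared directory, and with --sandbox none the name check is the only
    remaining guard."""
    if validate_name and not is_safe_fuse_name(name):
        raise PermissionError(f"rejected FUSE name {name!r}")
    os.symlink(link_target, name, dir_fd=parent_fd)


def demo() -> dict:
    """Runs the unvalidated and validated variants and reports what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as cron_d:
        # `cron_d` stands in for /etc/cron.d; the guest controls only `shared`.
        payload = os.path.join(shared, "payload")
        with open(payload, "w") as f:
            f.write("* * * * * root /bin/true\n")  # constructed stand-in crontab
        escaped_name = os.path.join(cron_d, "evil").encode()  # absolute host path as FUSE name
        parent_fd = os.open(shared, os.O_RDONLY | os.O_DIRECTORY)
        try:
            # 1) unsandboxed daemon, no name check: the link lands outside `shared`
            passthrough_symlink(parent_fd, payload.encode(), escaped_name, validate_name=False)
            results["unvalidated_escaped"] = os.path.islink(os.path.join(cron_d, "evil"))
            results["unvalidated_in_shared"] = os.path.lexists(os.path.join(shared, "evil"))
            # 2) the same request with the single-component check in place
            try:
                passthrough_symlink(parent_fd, payload.encode(), escaped_name, validate_name=True)
                results["validated_rejected"] = False
            except PermissionError:
                results["validated_rejected"] = True
            # 3) a well-formed request is still served inside `shared`
            passthrough_symlink(parent_fd, payload.encode(), b"ok", validate_name=True)
            results["benign_in_shared"] = os.path.islink(os.path.join(shared, "ok"))
        finally:
            os.close(parent_fd)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it on any Linux host as an unprivileged user; nothing outside the two temporary directories is touched. The first result shows the escape, the second shows the request being refused, and the third shows that the check does not break legitimate guests, which is the property a sandbox-free daemon needs from every name-carrying FUSE opcode, not just FUSE_SYMLINK.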
Impact: guest root can execute code as host root. Mitigation: run virtiofsd confined to the shared directory (--sandbox namespace or --sandbox chroot) with a seccomp filter enabled rather than --sandbox none --seccomp none; see the referenced commit and the 3.31.0 release for the upstream fix.
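Operators who cannot upgrade immediately will want to know whether any virtiofsd on a host is running in the weak configuration. The audit below is an added example, not part of Kata Containers or virtiofsd: it parses /proc/<pid>/cmdline blobs, resolves --sandbox and --seccomp in both "--opt value" and "--opt=value" forms, and flags the combination this advisory describes. The SAMPLE_CMDLINES entries are constructed for illustration, and the defaults assumed when a flag is absent (--sandbox namespace, --seccomp kill) are taken from virtiofsd's own help text; confirm them against the build you ship.

```python
"""Host-side audit for virtiofsd processes started with --sandbox none or
--seccomp none. Added example, not part of Kata Containers or virtiofsd.
Sample command lines are constructed; pass --live to read /proc instead."""
import os
import sys
from typing import Dict, List, Optional

# Assumed defaults when the flag is absent (from virtiofsd --help; verify for your build).
SANDBOX_DEFAULT = "namespace"
SECCOMP_DEFAULT = "kill"

# Constructed /proc/<pid>/cmdline contents (NUL-separated argv), not real captures.
SAMPLE_CMDLINES: Dict[int, bytes] = {
    101: b"/usr/libexec/virtiofsd\0--socket-path=/run/kata/vfs.sock\0"
         b"--shared-dir=/run/kata/shared\0--sandbox\0none\0--seccomp\0none\0--cache\0auto\0",
    102: b"/usr/libexec/virtiofsd\0--socket-path=/run/vm1/vfs.sock\0"
         b"--shared-dir=/srv/vm1\0--sandbox=chroot\0--seccomp=kill\0",
    103: b"/usr/libexec/virtiofsd\0--socket-path=/run/vm2/vfs.sock\0--shared-dir=/srv/vm2\0",
    104: b"/usr/bin/qemu-system-x86_64\0-name\0guest=vm2\0",
}


def parse_cmdline(raw: bytes) -> List[str]:
    """Splits a /proc/<pid>/cmdline blob into argv (empty trailing field dropped)."""
    return [a.decode(errors="replace") for a in raw.split(b"\0") if a]


def option_value(argv: List[str], opt: str, default: str) -> str:
    """Value of `opt` given as `--opt value` or `--opt=value`; last occurrence wins."""
    value = default
    for i, arg in enumerate(argv):
        if arg == opt and i + 1 < len(argv):
            value = argv[i + 1]
        elif arg.startswith(opt + "="):
            value = arg[len(opt) + 1:]
    return value


def audit_virtiofsd(argv: List[str]) -> Optional[Dict[str, object]]:
    """None for non-virtiofsd argv (matched on basename; adjust if your
    deployment renames the binary); otherwise effective modes plus findings."""
    if not argv or os.path.basename(argv[0]) != "virtiofsd":
        return None
    sandbox = option_value(argv, "--sandbox", SANDBOX_DEFAULT)
    seccomp = option_value(argv, "--seccomp", SECCOMP_DEFAULT)
    findings: List[str] = []
    if sandbox == "none":
        findings.append("sandbox disabled: guest-supplied absolute FUSE names resolve on the host")
    if seccomp == "none":
        findings.append("seccomp disabled: root daemon handles guest FUSE traffic with no syscall filter")
    return {
        "shared_dir": option_value(argv, "--shared-dir", ""),
        "sandbox": sandbox,
        "seccomp": seccomp,
        "findings": findings,
    }


def audit_cmdlines(cmdlines: Dict[int, bytes]) -> Dict[int, Dict[str, object]]:
    """Audits a {pid: cmdline} map and returns only the processes with findings."""
    flagged: Dict[int, Dict[str, object]] = {}
    for pid, raw in cmdlines.items():
        result = audit_virtiofsd(parse_cmdline(raw))
        if result and result["findings"]:
            flagged[pid] = result
    return flagged


def read_proc_cmdlines() -> Dict[int, bytes]:
    """Collects cmdline blobs for every readable process on a Linux host."""
    out: Dict[int, bytes] = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                with open(f"/proc/{entry}/cmdline", "rb") as f:
                    out[int(entry)] = f.read()
            except OSError:  # process exited or not readable
                continue
    return out


if __name__ == "__main__":
    source = read_proc_cmdlines() if "--live" in sys.argv else SAMPLE_CMDLINES
    for pid, r in audit_cmdlines(source).items():
        print(f"pid {pid} shared-dir={r['shared_dir']} sandbox={r['sandbox']} seccomp={r['seccomp']}")
        for finding in r["findings"]:
            print(f"  - {finding}")
```

Against the constructed samples only pid 101 is reported, with both findings; pid 102 is explicitly sandboxed, pid 103 relies on the defaults, and pid 104 is not virtiofsd at all. On a real host, run with --live as root so every process's cmdline is readable.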
References
- github.com/advisories/GHSA-2gv2-cffp-j227
- github.com/kata-containers/kata-containers/commit/ffa59ce3aa7877d067c9a372df0c329a23a01744
- github.com/kata-containers/kata-containers/releases/tag/3.31.0
- github.com/kata-containers/kata-containers/security/advisories/GHSA-2gv2-cffp-j227
- nvd.nist.gov/vuln/detail/CVE-2026-47243