CVE-2026-24834
Published: 19 February 2026
Summary
CVE-2026-24834 is a critical-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Katacontainers Kata Containers. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 0.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the vulnerability by requiring timely identification, reporting, and patching of flaws like CVE-2026-24834, here by upgrading Kata Containers to version 3.27.0 or later.
- RA-5 (Vulnerability Monitoring and Scanning): enables detection of systems running vulnerable versions of Kata Containers through vulnerability scanning, so they can be remediated before exploitation.
- Security advisory awareness: provides awareness of advisories like GHSA-wwj6-vghv-5p64 for Kata Containers, prompting action to apply the patch.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE directly describes a local attacker exploiting incorrect permissions (CWE-732) on the guest microVM filesystem to achieve arbitrary code execution as root inside the VM, which maps precisely to Exploitation for Privilege Escalation (T1068).
NVD Description
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.
Deeper analysis
CVE-2026-24834 is a critical-severity vulnerability (CVSS 9.3, CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CWE-732) in Kata Containers, an open source project implementing lightweight Virtual Machines designed to perform like containers. It affects versions prior to 3.27.0 and stems from an issue in Kata's integration with Cloud Hypervisor: a user of the container can modify the file system used by the guest micro VM, enabling arbitrary code execution as root within that VM.
A local attacker with access to a vulnerable Kata container needs no privileges, user interaction, or complex setup to achieve full root compromise inside the guest micro VM. The changed scope (S:C) records that the impacted component (the guest VM) differs from the vulnerable component (the container the attacker controls), with high impact on confidentiality, integrity, and availability within the VM. Exploitation does not affect the host system or other containers/VMs on the host, with one caveat: arm64 QEMU lacks NVDIMM read-only support, so a guest write may reach the image file until upstream QEMU provides this capability.
Kata Containers version 3.27.0 fully patches the vulnerability. Security advisories recommend immediate upgrades to this version or later. Key resources include the patching commit (https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf), the 3.27.0 release notes (https://github.com/kata-containers/kata-containers/releases/tag/3.27.0), and the GitHub security advisory (https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6-vghv-5p64).
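The RA-5 scanning control above comes down to one question per host: is the installed Kata Containers release older than 3.27.0? The following is an added example, not code from the Kata Containers project or from this advisory. It implements SemVer precedence so that a 3.27.0 pre-release still counts as unpatched, flags the arm64 QEMU residual risk the advisory notes, and parses a `kata-runtime --version` banner under the assumption that its first line reads `kata-runtime  : X.Y.Z`. The inventory records are constructed.

```python
"""Fleet check for CVE-2026-24834: flag Kata Containers installs below 3.27.0.

Added example, not code from the Kata Containers project. The inventory below
is constructed, and the `kata-runtime --version` line format is an assumption.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

FIXED_VERSION = "3.27.0"  # first patched release, per the advisory


class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    prerelease: Optional[str]  # None for a final release


_SEMVER_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_version(text: str) -> Version:
    """Parse '3.26.0', 'v3.27.0' or '3.27.0-rc0'; reject anything else."""
    m = _SEMVER_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a semantic version: {text!r}")
    major, minor, patch, pre = m.groups()
    return Version(int(major), int(minor), int(patch), pre)


def version_key(v: Version) -> Tuple:
    """Ordering key implementing SemVer precedence.

    A pre-release (3.27.0-rc0) sorts before its final release (3.27.0), so a
    release-candidate build is still reported as vulnerable.
    """
    if v.prerelease is None:
        return (v.major, v.minor, v.patch, 1, ())
    idents = []
    for ident in v.prerelease.split("."):
        # Numeric identifiers compare numerically and rank below alphanumeric ones.
        idents.append((0, int(ident), "") if ident.isdigit() else (1, 0, ident))
    return (v.major, v.minor, v.patch, 0, tuple(idents))


def is_vulnerable(version_text: str) -> bool:
    """True when the installed version precedes the fixed 3.27.0 release."""
    return version_key(parse_version(version_text)) < version_key(parse_version(FIXED_VERSION))


def version_from_cli_output(output: str) -> str:
    """Extract the version from `kata-runtime --version` output.

    Assumption: the first line looks like 'kata-runtime  : 3.26.0'.
    """
    first = output.strip().splitlines()[0]
    m = _SEMVER_RE.search(first)
    if m is None:
        raise ValueError(f"no version found in: {first!r}")
    return m.group(0)


def assess(inventory: List[dict]) -> List[Tuple[str, str, str]]:
    """Return (host, status, action) per host.

    Status is 'vulnerable' below 3.27.0; 'residual-risk' for patched arm64 QEMU
    hosts, reflecting the advisory's NVDIMM read-only note; otherwise 'ok'.
    """
    findings = []
    for host in inventory:
        if is_vulnerable(host["kata_version"]):
            findings.append((host["host"], "vulnerable",
                             f"upgrade Kata Containers to {FIXED_VERSION} or later"))
        elif host["arch"] == "arm64" and host["hypervisor"] == "qemu":
            findings.append((host["host"], "residual-risk",
                             "arm64 QEMU lacks NVDIMM read-only support; a guest write "
                             "may reach the image file until upstream QEMU adds it"))
        else:
            findings.append((host["host"], "ok", ""))
    return findings


# Constructed inventory: hostnames, versions and platforms are illustrative.
SAMPLE_INVENTORY = [
    {"host": "node-a", "kata_version": "3.26.0", "hypervisor": "clh", "arch": "amd64"},
    {"host": "node-b", "kata_version": "3.27.0-rc0", "hypervisor": "clh", "arch": "amd64"},
    {"host": "node-c", "kata_version": "3.27.0", "hypervisor": "clh", "arch": "amd64"},
    {"host": "node-d", "kata_version": "3.27.1", "hypervisor": "qemu", "arch": "arm64"},
]

if __name__ == "__main__":
    for host, status, action in assess(SAMPLE_INVENTORY):
        print(f"{host:8s} {status:14s} {action}")
```

Build metadata after a `+` is deliberately rejected by `parse_version`, so an unexpected version string fails loudly rather than being silently treated as patched; feed the script the output of `kata-runtime --version` collected from each node, or the version field of your SBOM, and act on every `vulnerable` row.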
Details
- CWE(s)