Cyber Resilience

CVE-2026-24834

Critical · Public PoC · LPE · Updated

Published: 19 February 2026

Modified: 30 June 2026
KEV Added
Patch
CVSS Score v3.1: 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0022 (13.0th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-24834 is a critical-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Katacontainers Kata Containers. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 13.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog, but a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-24834 is a critical-severity vulnerability (CVSS 9.3, CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CWE-732) in Kata Containers, an open source project implementing lightweight Virtual Machines designed to perform like containers. It affects versions prior to 3.27.0 and stems from an issue in Kata's integration with Cloud Hypervisor, where a container user can modify the file system used by the guest micro VM, enabling arbitrary code execution as root within that VM.

A local attacker with access to a vulnerable Kata container (no privileges, user interaction, or complex setup required) can exploit this to achieve full root compromise inside the guest micro VM. The changed scope (S:C) amplifies the impact on confidentiality, integrity, and availability within the VM. The advisory's current understanding is that exploitation does not affect the host system or other containers/VMs on the host, though arm64 QEMU's lack of NVDIMM read-only support is believed to allow a guest write to reach the image file until upstream QEMU provides this capability.

Kata Containers version 3.27.0 fully patches the vulnerability. Security advisories recommend immediate upgrades to this version or later. Key resources include the patching commit (https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf), the 3.27.0 release notes (https://github.com/kata-containers/kata-containers/releases/tag/3.27.0), and the GitHub security advisory (https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6-vghv-5p64).

Vulnerability details

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM, ultimately achieving arbitrary code execution as root in said VM. The current understanding is that this doesn't impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: it is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE directly describes a local attacker exploiting incorrect permissions (CWE-732) on the guest microVM filesystem to achieve arbitrary code execution as root inside the VM, which maps precisely to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24054 · Same product: Katacontainers Kata Containers
CVE-2025-21325 · Shared CWE-732
CVE-2025-12985 · Shared CWE-732
CVE-2026-25112 · Shared CWE-732
CVE-2025-22454 · Shared CWE-732
CVE-2026-8110 · Shared CWE-732
CVE-2024-55411 · Shared CWE-732
CVE-2024-11497 · Shared CWE-732
CVE-2026-41217 · Shared CWE-732
CVE-2025-21571 · Shared CWE-732

Affected Assets

katacontainers
kata containers
≤ 3.27.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the vulnerability by requiring timely identification, reporting, and patching of flaws like CVE-2026-24834 to Kata Containers version 3.27.0 or later.

detect

Enables detection of systems running vulnerable versions of Kata Containers through vulnerability scanning, facilitating remediation before exploitation.

detect

Provides awareness of security advisories like GHSA-wwj6-vghv-5p64 for Kata Containers, prompting actions to implement the patch.
