CVE-2026-27211
Published 2026-02-21
Priority: P261 | critical | 10 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:N
EPSS: 0.50% (39.0th percentile)
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted QCOW2 structure pointing to a sensitive host path. Upon the next VM boot or disk scan, the image format auto-detection parses this header and serves the host file's contents to the guest. Guest-initiated VM reboots are sufficient to trigger a disk scan and do not cause the Cloud Hypervisor process to exit. Therefore, a single VM can perform this attack without needing interaction from the management stack. Successful exploitation requires the backing image to be either writable by the guest or sourced from an untrusted origin. Deployments utilizing only trusted, read-only images are not affected. This issue has been fixed in version 50.1. As a workaround, enable Landlock sandboxing and restrict process privileges and access.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloud-hypervisor | cloud-hypervisor | — | — |
| cloudhypervisor | cloud_hypervisor | >= 34.0 < 50.1 | 50.1 |
| msrc | azl3_cloud-hypervisor_48.0.246-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cloud-hypervisor-cvm_38.0.72.2-5_on_cbl_mariner_2.0 | — | — |
Detection & IOCs (extracted from sources)
- A malicious guest can overwrite its disk header with a crafted QCOW2 structure pointing to a sensitive host path. Monitor for unexpected modifications to VM disk image headers (raw images) that introduce QCOW2 magic bytes/structures.
- Guest-initiated VM reboots are sufficient to trigger exploitation (disk scan) without management stack interaction. Monitor for abnormal or repeated guest-initiated reboot sequences on VMs backed by raw disk images.
- The attack vector relies on image format auto-detection parsing a crafted QCOW2 header from what was originally a raw image. Alert on raw disk images that contain QCOW2 magic bytes ('QFI\xfb') at offset 0.
- Only deployments where the backing image is writable by the guest OR sourced from an untrusted origin are affected. Read-only trusted images are not vulnerable.
- Workaround: Enable landlock sandboxing and restrict Cloud Hypervisor process privileges and filesystem access to limit the scope of host file exfiltration.
- The vulnerability is fixed in Cloud Hypervisor version 50.1. CBL-Mariner/Azure Linux users should follow the upgrade path referenced by Microsoft.
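The header check from the detection notes above, as an added Python example (not code from Cloud Hypervisor or from this page): it flags an image expected to be raw that begins with the QCOW2 magic and, going one step beyond the magic check, reads the header's backing-file fields. The field layout follows the public QCOW2 format; the function names, the 64 KiB read length and the sample bytes are assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

QCOW2_MAGIC = b"QFI\xfb"        # magic bytes named in the detection guidance
HEADER_FMT = ">4sIQI"           # magic, version, backing_file_offset, backing_file_size
HEADER_LEN = struct.calcsize(HEADER_FMT)
MAX_NAME = 1023                 # QCOW2 format limit on the backing file name length


@dataclass
class Finding:
    version: int                 # 0 if the header is truncated after the magic
    has_backing_ref: bool        # header claims a backing file (non-zero offset)
    backing_file: Optional[str]  # decoded name, when it lies inside the bytes read


def inspect_raw_image(data: bytes) -> Optional[Finding]:
    """Return a Finding when an image expected to be raw begins with a QCOW2 header."""
    if data[:4] != QCOW2_MAGIC:
        return None
    if len(data) < HEADER_LEN:
        return Finding(0, False, None)
    _, version, off, size = struct.unpack_from(HEADER_FMT, data)
    name = None
    if off and 0 < size <= MAX_NAME and off + size <= len(data):
        name = data[off:off + size].decode("utf-8", errors="replace")
    return Finding(version, off != 0, name)


def scan_path(path: str, read_len: int = 64 * 1024) -> Optional[Finding]:
    """Inspect only the start of the file (assumed: name sits in the first 64 KiB)."""
    with open(path, "rb") as fh:
        return inspect_raw_image(fh.read(read_len))


def constructed_samples() -> dict:
    """Constructed inputs: a zero-filled raw start and a header with a placeholder name."""
    name = b"constructed-backing.img"
    hdr = struct.pack(HEADER_FMT, QCOW2_MAGIC, 3, 112, len(name)).ljust(112, b"\0")
    return {"raw": bytes(512), "qcow2_header": hdr + name}


if __name__ == "__main__":
    for label, blob in constructed_samples().items():
        print(label, inspect_raw_image(blob))
```

Run `scan_path` only over images whose configured format is raw; any non-`None` result on such an image warrants review, and `has_backing_ref=True` with no decoded name means the header points outside the bytes that were read.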
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
| nvd | v4.0 | 9.1 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_msrc | | 10.0 | CRITICAL | |
No detection rules found.
No public exploits indexed.
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/081a6ebb5184228ff348601502258f3f72bd8b43
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/509832298b6865365b00bda88722e76e41ce7f41
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/a63315df54e06f6ec867f17b63076c266e2d8648
- https://github.com/cloud-hypervisor/cloud-hypervisor/commit/cb495959a8bea1b56e8fc82d15ba527a0e7fcf3c
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v50.1
- https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.0
- https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-jmr4-g2hv-mjj6