Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 1.0%
CVSS Severity
CVSS v3 Score 3.8
Products affected by CVE-2026-13322


Contact Us

Shodan ® - All rights reserved