KubeVirt Privilege Escalation Flaw Exposes Kubernetes Clusters to Takeover
ID: cabcd9f7-bb70-5bd0-9dcb-1534ba604d27
STIX ID: report--cabcd9f7-bb70-5bd0-9dcb-1534ba604d27
Feed Name: securityonline.info
A critical privilege-escalation flaw in KubeVirt (CVE-2026-7374, CVSS 9.9) allows an authenticated user with edit privileges to replace console sockets with symbolic links that point to host container runtime sockets. This enables virt-handler connection hijacking and full cluster takeover. Operators are advised to immediately tighten RBAC (disallow exec into virt-launcher pods), enable persistent auditing for suspicious symlinks, and apply patches.
