Hi,

On July 6, 2026, researcher Hyunwoo Kim (@v4bel) publicly disclosed Januscape, a vulnerability in the Linux kernel’s KVM/x86 memory-management code. It has two attack paths. A malicious virtual machine can break out of the guest and run code as root on the host it runs on. And on any host where the KVM device node /dev/kvm is world-accessible, which is the default on EL8 and later, an unprivileged local user can trigger the same bug directly to crash the host, with a working root-level exploit reported but not yet public. Kim is the researcher behind the earlier KVM/arm64 escape “ITScape” (CVE-2026-46316); Januscape is its x86 sibling. [0]

This vulnerability directly affects all CloudStack users running with the KVM hypervisor and it's therefor advised to patch/mitigate your hypervisors.

On Github [1] Kim published a PoC, but the Guest-to-Host exploit has not been released yet: "Running the PoC inside a guest VM can trigger a host kernel panic. A full escape exploit that works in a controlled environment also exists, but it is not released at this time and is planned to be released in the very distant future."

I highly recommend you look into this if you are using KVM (with CloudStack)!

Wido

[0]: https://blog.cloudlinux.com/januscape-cve-2026-53359-mitigation-and-kernel-update-on-cloudlinux/
[1]: https://github.com/V4bel/Januscape

Reply via email to