Cybersecurity Announcement: Linux KVM Hypervisor Escape Vulnerability - “Januscape” (CVE-2026-53359)

This document is the cybersecurity announcement for the Januscape Linux LPE vulnerability

About the Event

On July 7, 2026, Openwall released a security advisory for a 16-year-old vulnerability residing in Linux’s KVM Hypervisor since kernel 2.6.36 . There are no known exploits in the wild; however, a public POC exists.

 

Actions to Consider

Cybersecurity recommends admins running vulnerable versions should patch at an accelerated rate. Additionally, it is recommended to confirm patch availability against your vendor’s tracker rather than the mainline version alone.  Please reference the GitHub article for the affected versions. 

 

Event Impact

A threat actor with root privilege on a virtual machine running on a vulnerable KVM hypervisor could execute commands on the hypervisor, potentially as root and could lead to complete system control. 

 

References

 



Keywords:
Januscape CVE-2026-53359 Linux KVM Hypervisor Escape Vulnerability 
Doc ID:
162522
Owned by:
TCD K. in Cybersecurity Testing and Cyber Defense
Created:
2026-07-08
Updated:
2026-07-08
Sites:
Cybersecurity Testing and Cyber Defense, Cybersecurity Vulnerablity Management