Cybersecurity Announcement: Linux KVM Hypervisor Escape Vulnerability - “Januscape” (CVE-2026-53359)
About the Event
On July 7, 2026, Openwall released a security advisory for a 16-year-old vulnerability residing in Linux’s KVM Hypervisor since kernel 2.6.36 . There are no known exploits in the wild; however, a public POC exists.
Actions to Consider
Cybersecurity recommends admins running vulnerable versions should patch at an accelerated rate. Additionally, it is recommended to confirm patch availability against your vendor’s tracker rather than the mainline version alone. Please reference the GitHub article for the affected versions.
Event Impact
A threat actor with root privilege on a virtual machine running on a vulnerable KVM hypervisor could execute commands on the hypervisor, potentially as root and could lead to complete system control.
References
https://www.openwall.com/lists/oss-security/2026/07/06/7
https://github.com/V4bel/Januscape
https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html