There’s a pretty grisly CVE making the rounds. It’s being marketed as Januscape (CVE-2026-53359).
It is a KVM escape vulnerability that lets a guest escape to the host in a KVM/x86 environment. To the best of public knowledge, this is the first guest-to-host exploit research triggerable on both Intel and AMD rather than being limited to a single architecture.
Januscape is a use-after-free vulnerability in the shadow MMU emulation of KVM/x86. It can trigger the bug with guest-side actions alone to corrupt the host kernel’s shadow page, and it can threaten the guest-host isolation of KVM/x86 hosts that accept untrusted guests and expose nested virtualization, particularly multi-tenant x86 public clouds (GCP, AWS, etc.).
What this means is that if you have a VM, you can jump out of the VM and get panic the host kernel. The author states there are other possible endgames – presumably getting root.
Note that nested virtualization – it’s really important. Not all providers enable that. Nested virtualization is a feature that can be turned on by providers which allows guests to virtualize. So for example, you get a VPS from ExampleHost. Then on your VPS, you use Linux KVM to create some more VMs. They’re dog slow, but it does work. However, a lot of providers don’t enable the functionality.
I suspect there will be mass patching at a lot of providers in the next 24 hours, possibly proceeded by scripts to turn off nested virt on all guests.
BTW, the code that is exploited has been in the kernel since 2010:
The vulnerable code has been present since commit 2032a93d66fa in August 2010 (kernel 2.6.36 era) and was fixed by commit 81ccda30b4e8, merged into mainline on June 19, 2026.





















Leave a Reply