HomeCVE Intelligence › CVE-2026-53359
CVSS 8.0 HIGH 🔴 ACTIVELY EXPLOITED Zero-Day Exploit

CVE-2026-53359: Januscape (CVE-2026-53359): 16 year old Critical Linux KVM Guest-to-Host Escape, PoC Publ…

<!-SC_OFF --><div class="md"><p>Hyunwoo Kim (@v4bel) dropped a use-after-free in Linux KVM's shadow MMU that triggers from inside a guest VM on both Intel and AMD. First publicly docu…

8.0CVSS Score
HIGHSeverity
NOCISA KEV
Zero-Day ExploitImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-53359
Vendorreddit_cyber
Affected ProductThreat Intelligence
Vulnerability TypeZero-Day Exploit
CVSS Score8.0 (HIGH)
Actively Exploited✅ Yes
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via reddit_cyber)

🔬 Technical Analysis

<!-- SC_OFF --><div class="md"><p>Hyunwoo Kim (@v4bel) dropped a use-after-free in Linux KVM's shadow MMU that triggers from inside a guest VM on both Intel and AMD. First publicly documented KVM escape that works cross-architecture.</p> <p><strong>Key points</strong>:<br/> - Bug has been in the kernel since August 2010 (commit 2032a93d66fa)<br/> - Triggered entirely from guest-side..no hypervisor or host user interaction needed<br/> - Lives in <strong>in-kernel KVM</strong>, not QEMU, fires independently of the emulation stack, meaning cloud providers with custom virt stacks are also in scope<br/> - Current PoC causes a host kernel panic (DoS). Full RCE escape exists but is not being released

🎯 Known Indicators of Compromise

{"type":"url","value":"https://detections.ai/share/inspiration/RWO7S9Q7">detections.ai</a></p>","confidence_score":0.82,"first_seen":"2026-07-06","source_count":1} {"type":"url","value":"https://www.reddit.com/user/3eandrews3">","confidence_score":0.82,"first_seen":"2026-07-06","source_count":1} {"type":"url","value":"https://www.reddit.com/r/cybersecurity/comments/1upam5a/januscape_cve202653359_16_year_old_critical_","confidence_score":0.82,"first_seen":"2026-07-06","source_count":1} {"type":"domain","value":"www.reddit.com","confidence_score":0.75,"first_seen":"2026-07-06","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-53359 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence