Start your day with intelligence. Get The OODA Daily Pulse.
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. According to Hyunwoo Kim, the security researcher who discovered it, this guest-to-host escape flaw (tracked as CVE-2026-53359) stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and x86_64 (AMD64) processor architectures. Successful exploitation allows attackers with root access inside a guest virtual machine (the default configuration on public cloud instances) to execute code as root on the host and take over all guests running on it or crash the host kernel (knocking every other tenant’s virtual machine on the same server offline).Januscape has been present in the Linux kernel for approximately 16 years before being patched in June 2026, and was used as a zero-day exploit in Google’s kvmCTF vulnerability reward program (VRP).
Full report : Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks