
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host.
According to Hyunwoo Kim, the security researcher who discovered it, this guest-to-host escape flaw (tracked as CVE-2026-53359) stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and x86_64 (AMD64) processor architectures.
Januscape has been present in the Linux kernel for approximately 16 years before being patched in June 2026, and was used as a zero-day exploit in Google’s kvmCTF vulnerability reward program (VRP).
Successful exploitation allows attackers with root access inside a guest virtual machine (the default configuration on public cloud instances) to execute code as root on the host and take over all guests running on it or crash the host kernel (knocking every other tenant’s virtual machine on the same server offline).
Kim described Januscape as the first guest-to-host exploit that can be triggered on both Intel and AMD processor architectures, rather than being limited to a single platform, and noted that it poses a distinct risk to multi-tenant public cloud environments, such as those offered by Google Cloud and Amazon Web Services.
“With guest-side actions alone, an attacker can compromise the host that runs their VM,” Kim explained on Monday. “For example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE).”
On some Linux distros, such as Red Hat Enterprise Linux (RHEL), where /dev/kvm is world-writable, unprivileged attackers can also exploit CVE-2026-53359 to reliably gain root permissions on unpatched devices.

The security researcher published a technical write-up and a proof-of-concept exploit that can trigger a host kernel panic, and said that a full guest-to-host escape exploit will not be released for the foreseeable future.
Administrators running KVM/x86 hosts that accept multi-tenant guests should confirm that patch commit 81ccda30b4e8 has been applied to the host kernel to ensure the hosts are secure against attacks.
In May 2026, Kim also disclosed Dirty Frag, a Linux local privilege escalation flaw that chains xfrm-ESP (CVE-2026-43284) and RxRPC (CVE-2026-43500) page-cache write vulnerabilities to gain root access on major distributions, including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, and Fedora.
Kim noted that attackers without guest root access on a target device could chain the Dirty Frag and Januscape flaws to achieve full compromise.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.


