ITScape KVM Escape: Public PoC Exploit Threatens Cloud Hosts

A proof-of-concept for an ITScape KVM escape issue has been publicly released, tracked as CVE-2026-46316. The flaw impacts KVM/arm64 environments by enabling untrusted guest virtual machines to break isolation and execute commands on the host with kernel (root) privileges. Because the bug resides in-kernel KVM and can be triggered from guest-side actions, it significantly raises risk for multi-tenant public cloud providers and tenants running affected kernel versions.