// Alert

Google Cloud threat report

Januscape (CVE-2026-53359), a 16-year-old use-after-free vulnerability in KVM's shadow MMU, enables guest-to-host escape on systems with nested virtualization enabled. Discovered by researcher Hyunwoo Kim via Google's kvmCTF bug bounty program, the flaw allows root access on the host machine. The vulnerability affects both Intel and AMD processors and has been present since kernel 2.6.36 (August 2010). Patches are available; organizations should update immediately or disable nested virtualization if patching is delayed.

// Get alerts for Google Cloud