A flaw was found in the kubevirt-csi component of OpenShift Virtualizations Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker nodes volume by creating a custom Persistent Volume that matches the name of a worker node.
The product mixes trusted and untrusted data in the same data structure or structured message.