CVE-2026-25199: Apache CloudStack Proxmox Tenant Isolation Bypass
A critical tenant isolation vulnerability tracked as CVE-2026-25199 has been disclosed in Apache CloudStack, the open-source cloud infrastructure platform used to deploy and manage large-scale virtualized environments. The flaw exists in the Proxmox hypervisor extension and allows a tenant to gain unauthorized access to VM instances belonging to other tenants by exploiting a user-editable instance setting.
The vulnerability was published on May 8, 2026, assigned a CVSS v3.1 score of 9.1 (Critical), and affects Apache CloudStack versions 4.21.0.0 through 4.22.0.0 with the Proxmox extension enabled.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-25199 |
| CVSS Score | 9.1 (Critical) |
| CWE Classification | CWE-284 — Improper Access Control |
| Affected Component | Proxmox extension for Apache CloudStack |
| Affected Versions | 4.21.0.0 through 4.22.0.0 |
| Attack Vector | Network |
| Privileges Required | Low (authenticated tenant user) |
| User Interaction | None |
| Primary Impact | Cross-tenant VM instance access and control |
Affected Versions
| Product | Affected Range |
|---|---|
| Apache CloudStack | 4.21.0.0 through 4.22.0.0 |
| Proxmox Extension | Bundled with affected CloudStack versions |
Deployments using CloudStack with Proxmox as the hypervisor backend are affected. Deployments using other hypervisor backends (VMware, KVM without Proxmox integration, XenServer) are not affected by this specific vulnerability.
Technical Details
Root Cause: User-Editable VMID Mapping
The Proxmox extension for Apache CloudStack bridges the CloudStack management plane with a Proxmox VE hypervisor cluster. When an instance is deployed via the Proxmox backend, CloudStack stores the corresponding Proxmox VM ID in an instance-level setting named proxmox_vmid.
The critical design flaw is that proxmox_vmid is stored as a user-editable instance setting. A tenant user who has access to their own instance can modify this field, pointing it to the VMID of a VM belonging to a different tenant. CloudStack then uses the attacker-controlled VMID when issuing subsequent management operations to the Proxmox backend — treating the target VM as if it were the attacker's own instance.
Exploitation Path
Authenticated tenant user
→ Identifies proxmox_vmid of target tenant's VM
(via guessing sequential VMIDs, Proxmox UI access, or information disclosure)
→ Modifies own instance's proxmox_vmid to target value
→ Issues CloudStack management operations (stop, start, snapshot, migrate, etc.)
→ CloudStack passes attacker-controlled VMID to Proxmox backend
→ Proxmox executes operation on the target tenant's VM
→ Cross-tenant VM access and control achieved
What an Attacker Can Do
Once the proxmox_vmid is set to a victim tenant's VM, the attacker can:
- Start/stop/reboot the victim tenant's instances, causing service disruption
- Create snapshots of victim instances, potentially exfiltrating disk contents
- Migrate victim instances to attacker-controlled hosts
- Delete victim instances and associated storage volumes
- Access instance consoles to interact with running systems
Impact Assessment
| Impact Area | Description |
|---|---|
| Data Confidentiality | Attacker can snapshot and access disk contents of other tenants' VMs |
| Service Availability | Attacker can stop or delete other tenants' running instances |
| Data Integrity | Attacker can modify running state, inject into snapshots, or corrupt storage |
| Multi-Tenant Isolation | Fundamental cloud boundary between tenants is broken |
| Compliance | Violates data isolation requirements in regulated environments (PCI DSS, HIPAA, SOC 2, FedRAMP) |
| Cloud Provider Liability | MSPs and cloud providers face significant liability if tenant data is accessed |
The severity is amplified in managed service provider (MSP) and public cloud contexts, where multiple unrelated customers share the same CloudStack/Proxmox infrastructure. In these environments, a single malicious or compromised tenant account can access every other tenant's virtual machines.
Remediation
Upgrade Apache CloudStack
Update Apache CloudStack to a patched version. Monitor the Apache CloudStack Security page for the official patched release announcement following CVE-2026-25199 disclosure.
Interim Mitigations
While awaiting a patched release:
- Restrict user ability to modify instance settings — Evaluate whether the CloudStack API can be locked down to prevent non-admin modification of proxmox_vmid through API ACL customizations or custom role restrictions
- Audit existing instances — Check for any proxmox_vmid values that do not correspond to the correct tenant's VMID namespace:
  - Review CloudStack instance settings via the admin API
  - Cross-reference proxmox_vmid values against expected Proxmox VM ownership records
- Monitor for anomalous VMID references — Alert on CloudStack API calls that reference VMIDs outside the calling tenant's allocated range
- Restrict Proxmox API credentials — Ensure the CloudStack service account on Proxmox has the minimum permissions required; consider whether per-tenant Proxmox accounts are feasible
- Temporarily disable the Proxmox extension — If alternative hypervisor backends are available, consider migrating workloads off Proxmox until a patch is applied
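As an added example (not CloudStack's or the Proxmox extension's own code), the following Python implements the audit and monitoring checks above over constructed sample data: it cross-references each instance's proxmox_vmid against a Proxmox-side ownership record and the account's allocated VMID range, and the same check can gate individual management calls before a VMID reaches the backend. The instance listing, ownership map and range table are assumptions standing in for what the CloudStack admin API and Proxmox records would supply.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Instance:
    instance_id: str
    account: str        # CloudStack account that owns the instance
    proxmox_vmid: int   # value of the user-editable proxmox_vmid setting

# Constructed sample data standing in for CloudStack instance + settings listings.
INSTANCES: List[Instance] = [
    Instance("i-101", "tenant-a", 100),
    Instance("i-102", "tenant-a", 101),
    Instance("i-201", "tenant-b", 200),
    Instance("i-202", "tenant-b", 100),  # tampered: points at tenant-a's VM
    Instance("i-301", "tenant-c", 999),  # dangling: no such VM on Proxmox
]
# Constructed Proxmox-side ownership record: VMID -> owning CloudStack account.
PROXMOX_OWNER: Dict[int, str] = {100: "tenant-a", 101: "tenant-a", 200: "tenant-b"}
# Constructed per-account VMID allocation ranges (inclusive bounds).
VMID_RANGES: Dict[str, Tuple[int, int]] = {
    "tenant-a": (100, 199), "tenant-b": (200, 299), "tenant-c": (300, 399),
}

def classify(account: str, vmid: int,
             owners: Dict[int, str] = PROXMOX_OWNER,
             ranges: Dict[str, Tuple[int, int]] = VMID_RANGES) -> Optional[str]:
    """Return None if vmid legitimately belongs to account, else a finding string.
    Serves both the one-off audit below and a per-call monitoring hook.
    """
    owner = owners.get(vmid)
    if owner is None:
        return f"dangling: no Proxmox VM with vmid {vmid}"
    if owner != account:
        return f"cross-tenant: vmid {vmid} is owned by {owner}, not {account}"
    lo, hi = ranges.get(account, (0, -1))  # unknown account: empty range
    if not lo <= vmid <= hi:
        return f"out-of-range: vmid {vmid} outside {account}'s range {lo}-{hi}"
    return None

def audit(instances: List[Instance] = INSTANCES) -> List[Tuple[str, str]]:
    """Cross-reference every instance's proxmox_vmid; an empty list means clean."""
    findings = []
    for inst in instances:
        finding = classify(inst.account, inst.proxmox_vmid)
        if finding is not None:
            findings.append((inst.instance_id, finding))
    return findings
```

Each returned finding is suitable for an alert; the same classify() call placed in front of any stop/start/snapshot/migrate dispatch rejects a VMID the calling account does not own.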
Context: Apache CloudStack and Proxmox Adoption
Apache CloudStack is widely deployed by managed cloud service providers, enterprise private clouds, and telco infrastructure operators as an alternative to OpenStack and commercial cloud management platforms. The addition of Proxmox VE as a supported hypervisor backend — introduced in recent CloudStack versions — expanded its appeal to organizations already running Proxmox infrastructure.
CVE-2026-25199 is a textbook example of broken object-level authorization in multi-tenant infrastructure: user-controlled identifiers are used to reference shared resources without verification that the identifier maps to a resource the authenticated user is permitted to access. This vulnerability class consistently appears in cloud infrastructure due to the complexity of associating logical resource identifiers with physical hypervisor objects across abstraction layers.
Key Takeaways
- CVE-2026-25199 is a CVSS 9.1 critical tenant isolation bypass in Apache CloudStack's Proxmox extension, affecting versions 4.21.0.0 through 4.22.0.0
- The root cause is that proxmox_vmid is user-editable, allowing tenants to redirect CloudStack operations to other tenants' VMs
- Successful exploitation enables cross-tenant VM access, snapshot creation, service disruption, and data exfiltration
- Only deployments using CloudStack with the Proxmox extension are affected — other hypervisor backends are not impacted
- Upgrade to a patched CloudStack version immediately; apply API access controls and VMID auditing as interim measures
- MSPs and cloud providers operating multi-tenant Proxmox deployments via CloudStack should treat this as critical business risk