A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.
Conclusion & alert: CVE-2020-10701 is rated Moderate Risk (45.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.86%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.24% | 0.86% | +0.62% |
| 2 | 2026-03-21 | 0.25% | 0.24% | -0.01% |
| 3 | 2025-11-21 | — | 0.25% | — |
Full EPSS history (13 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.5 | 3.1 | MEDIUM |
|
2.8 | 3.6 | [email protected] |
| 4.0 | 2.0 | MEDIUM |
|
8.0 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
alpine
|
medium | CVE-2020-10701: 1 source package rows (libvirt); 3 state rows across 3 repos (3.11-main, 3.22-community, edge-community); fixed 0, open 3. | https://security.alpinelinux.org/vuln/CVE-2020-10701 |
debian
|
not yet assigned | CVE-2020-10701 not yet assigned priority: Debian including 1 source packages (libvirt), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2020-10701 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2020-10701 |
ubuntu
|
low | CVE-2020-10701 low priority: Ubuntu including 1 source packages (libvirt), 5 status rows across 5 suites (bionic, eoan, trusty, upstream, xenial): not-affected 4, needs-triage 1. | https://ubuntu.com/security/CVE-2020-10701 |
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1819163 | Issue Tracking Patch Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20210708-0001/ | Third Party Advisory |