A vulnerability, which was classified as critical , has been found in QEMU . Affected is an unknown function of the component virtio-blk Device . This manipulation causes heap-based buffer overflow. This vulnerability is tracked as CVE-2026-48914 . The attack is restricted to local execution. No exploit exists.