# Januscape

> **TL;DR.** Januscape is the branded name for [CVE-2026-53359](https://www.

- **Category:** Security / Vulnerabilities / Virtualization
- **Stage:** nascent
- **Age:** 2 days
- **Origin date:** 2026-07-06
- **First detected:** 2026-07-06
- **Canonical URL:** https://earlyterms.com/term/januscape
- **Sources:** 6 primary URLs

## Definition

Januscape is the branded name for [CVE-2026-53359](https://www.openwall.com/lists/oss-security/2026/07/06/7), a use-after-free bug in the shadow MMU code KVM shares between Intel and AMD x86 hosts, letting a guest VM with root access corrupt and escape to the host kernel.

Researcher Hyunwoo Kim ([@v4bel](https://github.com/V4bel/Januscape)) disclosed it July 6, 2026, tracing the flaw to an August 2010 kernel commit — 16 years dormant — and submitted it as a zero-day to Google's kvmCTF bounty, which pays up to $250,000 for a full guest-to-host escape exploit chain.

## Analogy

Like a bouncer who checks only a badge's address, not its role, letting an expired badge reopen a door it should no longer unlock.

## Why it's emerging now

Hyunwoo Kim disclosed a 16-year-old KVM use-after-free on July 6, 2026 that breaks guest-to-host isolation on both Intel and AMD — the security boundary every multi-tenant cloud and VPS host depends on.

## Related terms

- *alias:* CVE-2026-53359
- *related:* ITScape
- *related:* CVE-2026-46316
- *parent:* KVM
- *related:* shadow MMU
- *related:* kvmCTF
- *parent:* VM escape
- *related:* nested virtualization
- *related:* Heartbleed
- *related:* Meltdown
- *related:* Dirty Cow

## Sources

1. [Januscape PoC and writeup (V4bel/Januscape)](https://github.com/V4bel/Januscape)
2. [Original oss-security coordinated disclosure](https://www.openwall.com/lists/oss-security/2026/07/06/7)
3. [Hacker News thread (139 points)](https://news.ycombinator.com/item?id=48807908)
4. [The Hacker News: 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host](https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html)
5. [CSO Online: 16-year-old KVM flaw allows attackers to escape VMs](https://www.csoonline.com/article/4194085/16-year-old-kvm-flaw-allows-attackers-to-escape-vms-and-take-over-linux-servers.html)
6. [CloudLinux: Januscape mitigation and kernel update](https://blog.cloudlinux.com/januscape-cve-2026-53359-mitigation-and-kernel-update-on-cloudlinux/)

---
_Generated by EarlyTerms · https://earlyterms.com/term/januscape_
