Preventive emergency maintenance on our cloud platform: the Januscape (CVE-2026-53359) vulnerability explained

By Cyso Cloud on

On 7 July 2026 we carried out preventive emergency maintenance across the Cyso cloud platform. Here is the story of what the vulnerability was, why we treated it as urgent, and how we handled it.

Preventive emergency maintenance on our cloud platform: the Januscape (CVE-2026-53359) vulnerability explained

What it is

The vulnerability is officially named CVE-2026-53359 and nicknamed "Januscape". It sits in KVM, the open-source virtualisation technology used by cloud providers across the industry, including us, to run virtual machines safely alongside each other on shared physical hardware.

At a technical level it is a memory-handling bug (a "use-after-free") in a part of KVM that has existed for around sixteen years. In everyday terms: under the right conditions, code running inside a virtual machine could reach beyond its own boundaries and disrupt, or potentially compromise, the physical host underneath it. Because many customers can share one physical host, a problem on that host can affect more than one tenant.

Two things made this one worth acting on immediately. First, it affects both Intel and AMD systems, so it is broad. Second, a public proof of concept was released that can crash a host, and the researcher reported that a more serious escape was possible in a controlled setting. When a demonstration is already circulating, waiting is not a neutral choice.

Why this matters for a cloud platform

The bug is not in any Cyso software, and it is not in the tools that manage our cloud. It is in the shared foundation, the hypervisor, that separates one customer's workload from another's. That separation is the single most important promise a cloud platform makes. Anything that weakens it, even in theory, is something we treat as a priority.

What we did

Fixed versions of the underlying software were released on 4 July 2026. As soon as they were available and validated, we began rolling them out across the affected parts of our platform.

We made a conscious decision here. We could have spread the work out to keep disruption as low as possible, or we could roll the fix out quickly and accept a short maintenance window. We chose speed and platform integrity. For most customers this meant a brief, scheduled reboot of their virtual machines, after which they returned automatically to patched, protected infrastructure.

We think that is the right trade-off. A short, planned interruption is a small price for closing a critical security gap before it can be used against anyone on the platform.

What it means for you

If you are a Cyso cloud or enterprise customer, there is almost certainly nothing you need to do. The maintenance is complete, your services are back online, and they are now running on patched infrastructure.

If anything looks off with a service following the maintenance, contact our support team and we will sort it out with you. You can follow the full status and timeline of this work on our status page at https://status.cyso.cloud.

The short version

A serious, industry-wide vulnerability appeared in the foundation that keeps cloud workloads isolated from one another. We patched our platform quickly, accepted a short maintenance window to do it properly, and kept your data and workloads protected throughout. That is exactly the kind of call we will always make on your behalf.

Stay up to date with the latest from our engineers and specialists.

Explore more insights on cloud and security from the Cyso team

View all blog posts View all blog posts