A flaw was found in KubeVirt's RBAC (Role-Based Access Control) evaluation logic. The authorization mechanism improperly truncates subresource names during evaluation. This causes requests for granular subresources, such as vnc/screenshot or sev/*, to be incorrectly evaluated against their parent resource permissions (e.g., vnc or sev). As a result, the RBAC engine fails to enforce the intended granular access controls. Legitimate users can be denied access, and authenticated users with specific custom roles can gain unauthorized access to subresources.
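The two outcomes described above can be reproduced with a small model of the evaluation, added here as an illustration and not taken from KubeVirt's code. The `Rule` type, the function names, the constructed roles and the treatment of a trailing `/*` as "all children" are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is a simplified, constructed stand-in for one RBAC grant.
type Rule struct{ Verb, Subresource string }

// parent keeps only the first path segment ("vnc/screenshot" -> "vnc").
func parent(sub string) string {
	return strings.SplitN(sub, "/", 2)[0]
}

// allowedTruncated models the flaw: the request is cut to its parent first.
func allowedTruncated(rules []Rule, verb, sub string) bool {
	for _, r := range rules {
		if r.Verb == verb && r.Subresource == parent(sub) {
			return true
		}
	}
	return false
}

// allowedFull compares the whole path; "x/*" covers children of x (assumed).
func allowedFull(rules []Rule, verb, sub string) bool {
	for _, r := range rules {
		if r.Verb != verb {
			continue
		}
		if r.Subresource == sub {
			return true
		}
		if strings.HasSuffix(r.Subresource, "/*") &&
			strings.HasPrefix(sub, strings.TrimSuffix(r.Subresource, "*")) {
			return true
		}
	}
	return false
}

func main() {
	granular := []Rule{{"get", "vnc/screenshot"}} // constructed custom role
	broad := []Rule{{"get", "vnc"}}               // constructed custom role
	req := "vnc/screenshot"
	fmt.Println("granular role:", allowedTruncated(granular, "get", req), allowedFull(granular, "get", req))
	fmt.Println("parent-only role:", allowedTruncated(broad, "get", req), allowedFull(broad, "get", req))
}
```

When reviewing custom roles on an affected cluster, the grants to look at are the ones that name only a parent subresource and the ones that name only a granular subresource, since those are the two cases where the truncated and full evaluations disagree.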