"Assessing Unikernel Security" - https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2019/ncc_group-assessing_unikernel_security.pdf

"We surveyed two major unikernels, Rumprun and IncludeOS .. Features like ASLR, W^X, stack canaries,
heap integrity checks and more are either completely absent or seriously flawed. If an
application running on such a system contains a memory corruption vulnerability, it is
often possible for attackers to gain code execution, even in cases where the application’s source and binary are unknown ..