CVE-2026-24005

NONE
2026-02-25 [email protected] GHSA-9fj4-3849-rv9g

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 05, 2026 - 00:42 vuln.today
Public exploit code
Patch Released
Mar 05, 2026 - 00:42 nvd
Patch available
CVE Published
Feb 25, 2026 - 19:43 nvd
NONE

Tags

Kubernetes SSRF

Description

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with PodProbeMarker creation permission can specify arbitrary Host values to trigger SSRF from the node, perform port scanning, and receive response feedback through NodePodProbe status messages. Versions 1.8.3 and 1.7.5 patch the issue.

Analysis

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

20
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: +20

Share

CVE-2026-24005 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy