Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
8DescriptionGitHub Advisory
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable the gitrepo artifact types.
AnalysisAI
Remote code execution in Spinnaker's clouddriver component allows authenticated attackers to execute arbitrary commands on clouddriver pods via gitrepo artifact processing. Affects all versions prior to patched releases 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2. The vulnerability enables credential theft, file manipulation, and resource injection with minimal complexity (CVSS 9.9, AV:N/AC:L/PR:L). EPSS data not available; no public exploit or active exploitation confirmed at time of analysis, but the attack simplicity and multi-cloud CD platform context create high risk for supply chain compromise in containerized environments.
Technical ContextAI
Spinnaker is a multi-cloud continuous delivery platform developed by Netflix, commonly deployed in Kubernetes environments to orchestrate application deployments across AWS, GCP, Azure, and other cloud providers. The clouddriver component serves as Spinnaker's primary integration point with cloud providers and artifact sources. This vulnerability (CWE-20: Improper Input Validation) exists in the gitrepo artifact type handler within clouddriver. When processing git repository artifacts, insufficient validation of user-supplied input allows command injection, enabling attackers to execute arbitrary shell commands within the clouddriver pod's security context. The CPE cpe:2.3:a:spinnaker:spinnaker identifies the affected platform broadly, with the vulnerability specifically impacting versions across multiple release branches (2025.3.x, 2025.4.x, 2026.0.x) prior to the patched versions. The scope change (S:C in CVSS) indicates the vulnerability can impact resources beyond the clouddriver container itself, likely due to the component's privileged access to cloud credentials and Kubernetes cluster resources.
RemediationAI
Upgrade to vendor-released patched versions: 2026.1.0, 2026.0.1, 2025.4.2, or 2025.3.2 depending on your current release branch (https://github.com/spinnaker/spinnaker/releases). For immediate mitigation if patching is delayed, disable gitrepo artifact types in Spinnaker configuration (clouddriver.yml or halyard config). This workaround prevents exploitation but will break pipelines dependent on git repository artifacts - test impact on existing deployments before applying. Alternative compensating controls include restricting network access to Spinnaker API/UI to trusted networks only (limits AV:N exposure), implementing strict authentication controls to minimize PR:L attack surface, and monitoring clouddriver pod exec events via Kubernetes audit logs for suspicious command execution. If gitrepo artifacts must remain enabled pre-patch, apply strict input validation at pipeline definition level and restrict repository sources to trusted internal git servers only. Note that disabling gitrepo artifacts requires pipeline reconfiguration and may necessitate alternative artifact delivery mechanisms (Docker registry, S3, GCS). Review clouddriver pod service account permissions and apply least-privilege principles to limit blast radius of successful exploitation.
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to versio
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.
Remote code execution in Spinnaker's Rosco bakery service allows an authenticated user to run arbitrary code on Rosco po
Spinnaker is an open source, multi-cloud continuous delivery platform. Rated medium severity (CVSS 5.3), this vulnerabil
Same weakness CWE-20 – Improper Input Validation
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23963
GHSA-x3j7-7pgj-h87r