Skip to main content

Kubernetes CVE-2026-39961

| EUVDEUVD-2026-20965 MEDIUM
Improper Privilege Management (CWE-269)
2026-04-09 GitHub_M GHSA-99j8-wv67-4c72
6.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Apr 10, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 09, 2026 - 17:45 euvd
EUVD-2026-20965
Analysis Generated
Apr 09, 2026 - 17:45 vuln.today
CVE Published
Apr 09, 2026 - 17:14 nvd
MEDIUM 6.8

DescriptionGitHub Advisory

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace - production database credentials, API keys, service tokens - with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and writes the password into a new secret in the attacker's namespace. The operator acts as a confused deputy: its ServiceAccount has cluster-wide secret read/write (aiven-operator-role ClusterRole), and it trusts user-supplied namespace values in spec.connInfoSecretSource.namespace without validation. No admission webhook enforces this boundary - the ServiceUser webhook returns nil, and no ClickhouseUser webhook exists. This vulnerability is fixed in 0.37.0.

AnalysisAI

Aiven Operator versions 0.31.0 through 0.36.x allow developers with ClickhouseUser CRD creation permissions in their own namespace to exfiltrate secrets from arbitrary namespaces by exploiting a confused deputy vulnerability in the operator's ClusterRole. An attacker can craft a malicious ClickhouseUser resource that causes the operator to read privileged credentials (database passwords, API keys, service tokens) from production namespaces and write them into the attacker's namespace with a single kubectl apply command. The vulnerability is fixed in version 0.37.0.

Technical ContextAI

Aiven Operator is a Kubernetes controller that provisions and manages Aiven cloud services through custom resource definitions (CRDs). The vulnerability stems from insufficient validation in the spec.connInfoSecretSource.namespace field of the ClickhouseUser CRD. The operator's ServiceAccount is granted a broad ClusterRole (aiven-operator-role) with cluster-wide secret read and write permissions, following least-privilege failure patterns. When processing ClickhouseUser resources, the operator trusts user-supplied namespace values without validation, allowing an attacker to reference secrets in other namespaces. This is a classic confused deputy problem (CWE-269: Improper Access Control): the operator, trusted to read secrets in its own scope, is manipulated into accessing resources outside intended boundaries because no admission webhook (neither the ServiceUser webhook nor a ClickhouseUser-specific webhook) enforces namespace isolation at the API server level. The operator reads the victim namespace's secret using its elevated permissions and writes the extracted credentials into a new secret in the attacker's namespace.

RemediationAI

Vendor-released patch: upgrade Aiven Operator to version 0.37.0 or later. This release includes the fix that validates namespace values in spec.connInfoSecretSource.namespace and implements proper admission controls to prevent cross-namespace secret access. Users should deploy the patched version immediately to all Kubernetes clusters running affected versions. Additionally, as an interim mitigation until upgrade is possible, restrict RBAC permissions for ClickhouseUser CRD creation to trusted personnel only and audit existing ClickhouseUser resources for potentially malicious namespace references in spec.connInfoSecretSource. See the GitHub security advisory at https://github.com/aiven/aiven-operator/security/advisories/GHSA-99j8-wv67-4c72 for additional details and the release notes at https://github.com/aiven/aiven-operator/releases/tag/v0.37.0 for upgrade instructions.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-39961 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy