Skip to main content

Azure Kubernetes Service

7 CVEs product

Monthly

CVE-2026-32193 HIGH PATCH NEWS This Week

Local privilege escalation and code execution in Microsoft Azure Kubernetes Service (AKS) is possible via a path traversal flaw (CWE-22) that allows an authorized attacker on the local system to break out of restricted directory boundaries and execute code with elevated privileges. The CVSS 3.1 score of 8.8 reflects the scope change (S:C) where exploitation impacts resources beyond the vulnerable component, enabling full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

Microsoft Kubernetes Path Traversal Azure Kubernetes Service
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-21403 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Information Disclosure Kubernetes Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2024-21376 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass RCE Kubernetes Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.0
EPSS
1.2%
CVE-2023-29332 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-27075 MEDIUM PATCH This Month

Azure Virtual Machine Information Disclosure Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Container Instances Azure Container Registry Azure Kubernetes Service +2
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2021-24109 MEDIUM PATCH This Month

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Microsoft Information Disclosure Azure Kubernetes Service
NVD
CVSS 3.1
6.8
EPSS
2.0%
CVE-2021-1677 MEDIUM This Month

Azure Active Directory Pod Identity Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Kubernetes Service
NVD
CVSS 3.1
5.5
EPSS
1.1%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation and code execution in Microsoft Azure Kubernetes Service (AKS) is possible via a path traversal flaw (CWE-22) that allows an authorized attacker on the local system to break out of restricted directory boundaries and execute code with elevated privileges. The CVSS 3.1 score of 8.8 reflects the scope change (S:C) where exploitation impacts resources beyond the vulnerable component, enabling full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

Microsoft Kubernetes Path Traversal +1
NVD VulDB
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Information Disclosure Kubernetes +2
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass RCE Kubernetes +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Azure Virtual Machine Information Disclosure Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Container Instances +4
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Azure Active Directory Pod Identity Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Kubernetes Service
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy