Inspektor Gadget

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-25996 CRITICAL POC PATCH Act Now

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter injection. PoC and patch available.

Kubernetes Code Injection Inspektor Gadget Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24905 HIGH POC PATCH This Week

Inspektor Gadget versions prior to 0.48.1 allow local attackers with limited privileges to execute arbitrary commands during custom gadget image builds due to insufficient input sanitization in Makefile generation. An attacker who can control buildOptions parameters can inject shell commands that execute with the privileges of the build process. Public exploit code exists for this vulnerability.

Kubernetes Command Injection Inspektor Gadget Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-25996
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter injection. PoC and patch available.

Kubernetes Code Injection Inspektor Gadget +1
NVD GitHub
CVE-2026-24905
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Inspektor Gadget versions prior to 0.48.1 allow local attackers with limited privileges to execute arbitrary commands during custom gadget image builds due to insufficient input sanitization in Makefile generation. An attacker who can control buildOptions parameters can inject shell commands that execute with the privileges of the build process. Public exploit code exists for this vulnerability.

Kubernetes Command Injection Inspektor Gadget +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy