2 matches found
CVE-2026-23990
creationtimestamp| type| source ---|---|--- 2026-01-22 01:05:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcxyls5sgi23 2026-01-24 21:22:57+00:00| seen| https://gist.github.com/alon710/a8f00d02af9bbef05b5cf8f64b7e8a02 2026-01-24 22:19:08+00:00| seen|...
CVE-2026-23990
CVE-2026-23990 affects the Flux Operator Web UI in Flux CD/ControlPlane prior to 0.40.0. The issue is a privilege-escalation through an impersonation bypass when OIDC tokens provide empty/invalid claims that CEL expressions can evaluate to empty; then Kubernetes client-go fails to add impersonati...