
8 matches found

Vulnrichment
added 2026/05/12 5:57 p.m., 9 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , an attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which is not the default) can craft a policy that makes use of the can_i host callback. The callback issues SubjectAccessReview (SAR) requests to enumerate...

CVSS 4.3, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 1
OSV
added 2026/05/05 9:49 p.m., 1 view

GHSA-WQCW-G35J-J578 Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call

Impact: Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manne...

CVSS 4.3, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 7
ATTACKERKB
added 2026/04/30 9:17 p.m., 2 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

CVSS 8.8, AI score 5.3, EPSS 0.00013
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/04/30 12:0 a.m., 5 views

IBM Turbonomic prometurbo agent security vulnerability

The IBM Turbonomic prometurbo agent is a component in IBM Turbonomic Application Resource Management that is used to manage resource configurations. An elevation of privilege vulnerability exists in IBM Turbonomic prometurbo agent. The vulnerability stems from an excessive cluster-wide permission...

CVSS 8.8, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1
Positive Technologies
added 2026/04/30 12:0 a.m., 4 views

PT-2026-36199

Name of the Vulnerable Software and Affected Versions: IBM Turbonomic prometurbo agent versions 8.16.0 through 8.17.6. Description: IBM Turbonomic Application Resource Management grants excessive cluster-wide permissions, which include unrestricted read access to all secrets. An attacker who...

CVSS 8.8, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 9
IBM Security Bulletins
added 2026/04/24 11:3 p.m., 4 views

Security Bulletin: IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability (CVE-2026-6389)

Summary: IBM Turbonomic Prometurbo is an agent used by IBM Turbonomic Application Resource Management to integrate with Prometheus to collect application metrics and send them to Turbonomic for analysis and generation of optimization plans. A security vulnerability has been addressed in the IBM...

CVSS 8.8, AI score 5.5, EPSS 0.00013
Exploits: 0, Affected Software: 1
SUSE CVE
added 2026/01/06 12:28 a.m., 2 views

SUSE CVE-2025-11393

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

CVSS 8.7, AI score 6.8, EPSS 0.00006
Exploits: 0, References: 2
Positive Technologies
added 2025/11/12 12:0 a.m., 4 views

PT-2025-46674

Name of the Vulnerable Software and Affected Versions: Observability Operator (affected versions not specified). Description: The Observability Operator creates a ServiceAccount with ClusterRole permissions when deploying a Namespace-Scoped Custom Resource called MonitorStack. This allows a Kubernetes...

CVSS 8.8, AI score 6.5, EPSS 0.00059
Exploits: 0, References: 15