Lucene search
K

322 matches found

CVE
CVE
added 2026/05/13 8:4 a.m.25 views

CVE-2026-41050

CVE-2026-41050 describes a multi-tenant isolation failure in Fleet’s Helm deployer where ServiceAccount impersonation was not consistently applied in two code paths, causing the Helm template engine to run Kubernetes API queries and read Secret/ConfigMap references with the fleet-agent’s cluster-...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

External Secrets 授权问题漏洞

External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of External Secrets prior to 2.4.0 had an authorization issue vulnerability. This vulnerability stemmed from the use of CAProvider for the SecretStore resource, allowing it to resolve CA...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 6:37 p.m.7 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the CAProvider configuration process for SecretStore resources when resolving ConfigMaps across namespaces. An attacker can access CA material from another namespace by specifying the...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 6:37 p.m.4 views

GHSA-WV26-88M5-6H59 External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore

Impact Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set. This bypassed the namespace boundary enforced for SecretStore-backed references in providers that rely on the shared runtime CA...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.15 views

SUSE CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

6.4CVSS5.7AI score0.00254EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37287

Name of the Vulnerable Software and Affected Versions External Secrets Operator versions prior to 2.4.0 Description Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from a different namespace when the caProvider.namespace variable was set. This...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/04 10:13 a.m.6 views

CVE-2026-41174

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When the Kubernetes Custom Resource Definition CRD provider's allowCrossNamespace setting is false, Traefik incorrectly processes nested middleware references. An attacker with permissions to create or update Traefik CRDs in...

6.4CVSS5.5AI score0.00254EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...

10CVSS5.8AI score0.00767EPSS
Exploits4References10
NVD
NVD
added 2026/04/30 9:16 p.m.6 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

6.4CVSS0.00254EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/30 8:20 p.m.7 views

EUVD-2026-26432

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8CVSS5.2AI score0.00254EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/30 8:20 p.m.4 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8CVSS5.2AI score0.00254EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/30 8:20 p.m.5 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8CVSS5.7AI score0.00254EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/30 8:20 p.m.33 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8CVSS0.00254EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/04/30 8:20 p.m.6 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

6.4CVSS5.7AI score0.00254EPSS
Exploits1References5
CVE
CVE
added 2026/04/30 8:20 p.m.53 views

CVE-2026-41174

Summary: CVE-2026-41174 affects Traefik’s Kubernetes CRD provider where cross-namespace isolation is breached for nested Chain middlewares, allowing an actor with CRD permissions in their own namespace to cause Traefik to apply middleware from another namespace. The issue occurs when providers.ku...

6.4CVSS5.2AI score0.00254EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/28 8:42 a.m.2 views

BIT-KYVERNO-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

7.7CVSS5.4AI score0.00266EPSS
Exploits2References3
Snyk
Snyk
added 2026/04/24 8:12 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...

6.4CVSS5.3AI score0.00254EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 8:12 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...

6.4CVSS5.3AI score0.00254EPSS
Exploits1References2
OSV
OSV
added 2026/04/24 8:12 p.m.7 views

GHSA-XHJW-95FP-8VGQ Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Summary There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same...

6.4CVSS5.9AI score0.00254EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/24 8:12 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...

6.4CVSS5.3AI score0.00254EPSS
Exploits1References2
Rows per page
Query Builder