9 matches found

RedhatCVE
added 2026/05/04 10:13 a.m.

CVE-2026-41174

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When the Kubernetes Custom Resource Definition (CRD) provider's allowCrossNamespace setting is false, Traefik incorrectly processes nested middleware references. An attacker with permissions to create or update Traefik CRDs in...

CVSS 6.4 | AI score 5.5 | EPSS 0.00013
Exploits: 1 | References: 8
Snyk
added 2026/04/24 8:12 p.m.

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...

CVSS 6.4 | AI score 5.3 | EPSS 0.00013
Exploits: 1 | References: 2
Vulnrichment
added 2025/03/17 9:37 p.m.

CVE-2025-29781 Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secrets from arbitrary namespaces upon deployment of the namespace-scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...

CVSS 6.5 | AI score 6.8 | EPSS 0.00059
Exploits: 0 | References: 5
Veracode
added 2025/01/13 1:48 a.m.

Path Traversal

github.com/karmada-io/karmada is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within custom resource definition (CRD) archives, allowing attackers to exploit a TarSlip vulnerability and write arbitrary files to arbitrary locations in the filesystem...

CVSS 5.3 | AI score 6.7 | EPSS 0.00299
Exploits: 0 | References: 6 | Affected Software: 1
SUSE CVE
added 2024/12/23 4:03 a.m.

SUSE CVE-2024-25131

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...

CVSS 8.8 | AI score 6.8 | EPSS 0.00175
Exploits: 0 | References: 4
OSV
added 2024/12/20 8:36 p.m.

GO-2024-3109 The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator

The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator...

CVSS 4.9 | AI score 5.3 | EPSS 0.00223
Exploits: 0 | References: 8
Veracode
added 2024/12/12 2:12 p.m.

Sensitive Information Disclosure

Rancher Manager is vulnerable to sensitive information disclosure. The vulnerability is due to Helm values being stored directly in the Apps Custom Resource Definition and leaking into audit logs when the audit level is set to 2 or above, allowing users with GET access to read sensitive informati...

CVSS 6.2 | AI score 6 | EPSS 0.00126
Exploits: 0
OSV
added 2023/07/08 11:05 a.m.

OESA-2023-1414 kubernetes security update

Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...

CVSS 8.8 | AI score 6.9 | EPSS 0.04853
Exploits: 1 | References: 6
Prion
added 2022/01/19 10:15 p.m.

Privilege escalation

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...

CVSS 6 | AI score 8.9 | EPSS 0.00225
Exploits: 0 | References: 2 | Affected Software: 1