Lucene search
K

131 matches found

OSV
OSV
added last week4 views

GHSA-MHC6-2GFQ-XX62 Rancher vulnerable to command injection through unsanitized YAML parameter

Impact A critical command injection vulnerability has been identified in the Rancher Manager cluster import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters. This endpoint accepts an authImage query parameter that is rendered without sanitization into a generated...

9.6CVSS6.2AI score0.01277EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 6:20 p.m.17 views

EUVD-2026-36102

Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 6:19 p.m.11 views

EUVD-2026-36100

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 6:19 p.m.5 views

GHSA-GX55-F84R-V3R7 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Summary Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podsp...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 6:18 p.m.3 views

GHSA-WMGG-3P4H-48X7 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Summary A stronger framing of the same root cause as GHSA-gx55-f84r-v3r7: the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. Details Three independent flaws compounded: 1. Validate gap...

9.9CVSS5.8AI score0.003EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5072 Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows

Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows...

8.1CVSS5.8AI score0.00424EPSS
Exploits2References7
NVD
NVD
added 2026/06/10 6:17 p.m.16 views

CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 5:27 p.m.27 views

CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:27 p.m.29 views

CVE-2026-50564

CVE-2026-50564 concerns Fission’s Environment CRD prior to version 1.24.0, where spec.runtime.podSpec and spec.builder.podSpec were merged into runtime/builder pod specs without filtering. This allowed propagation of hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from...

9.9CVSS5.5AI score0.00274EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.4AI score0.00424EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.9 views

CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

7.8CVSS5.7AI score0.001EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the issue of accessing an invalid dipctx during the destruction of QP. If the system fails to modify QP to RTR, the dipctx will not be attached. During the destruction of QP, the invalid dipctx pointer will be...

5.5CVSS6.1AI score0.00172EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 8:38 a.m.8 views

BIT-ARGO-WORKFLOWS-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40272

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References6
NVD
NVD
added 2026/05/09 4:16 a.m.26 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS0.00424EPSS
Exploits2References7
Cvelist
Cvelist
added 2026/05/09 3:52 a.m.43 views

CVE-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS0.00424EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/05/09 3:52 a.m.11 views

CVE-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS7.1AI score0.00424EPSS
Exploits2References4
EUVD
EUVD
added 2026/05/09 3:52 a.m.13 views

EUVD-2026-28894

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/05/09 3:52 a.m.10 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder