20 matches found

OSV
• added 3 days ago • 4 views

GHSA-WV8C-6MX2-XF4J Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService

Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an authenticated Omni user with Reader...

7.6 CVSS · 5.6 AI score
Exploits 0 · References 4
RedhatCVE
• added 6 days ago • 11 views

CVE-2026-49298

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

8.8 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0 · References 1
Securelist
• added 2026/03/26 11:1 a.m. • 2 views

An AI gateway designed to steal your data

A significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen a wide variety of methods used in such attacks, ranging from creation of malicious but seemingly legitimate open-source libraries or delayed...

6.3 AI score
Exploits 0
Positive Technologies
• added 2026/03/18 12:0 a.m. • 4 views

PT-2026-26057

Name of the Vulnerable Software and Affected Versions Juju versions 3.0.0 through 3.6.18 Description Juju's authorization for the 'secret-set' tool is flawed, allowing a grantee to update secret content. Even when an error is logged during an exploitation attempt, the secret is still updated, and...

8.8 CVSS · 5.8 AI score · 0.00081 EPSS
Exploits 1 · References 12
Snyk
• added 2026/01/27 6:1 p.m. • 2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...

9.9 CVSS · 5.9 AI score · 0.00026 EPSS
Exploits 1 · References 2
RedhatCVE
• added 2026/01/22 11:24 p.m. • 4 views

CVE-2026-23990

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

5.3 CVSS · 5.8 AI score · 0.00086 EPSS
Exploits 0 · References 1
Vulnrichment
• added 2026/01/21 10:25 p.m. • 2 views

CVE-2026-23990 Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

5.3 CVSS · 5.8 AI score · 0.00086 EPSS
Exploits 0 · References 4
OSV
• added 2026/01/21 10:25 p.m. • 2 views

CVE-2026-23990 Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

5.3 CVSS · 5.9 AI score · 0.00086 EPSS
Exploits 0 · References 6
Snyk
• added 2026/01/13 6:47 p.m. • 1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the EnvoyExtensionPolicy resource. An attacker can execute arbitrary commands and access sensitive credentials by injecting malicious Lua scripts. This can lead to privilege escalation, theft of secrets, and...

9.2 CVSS · 7.9 AI score · 0.00005 EPSS
Exploits 1 · References 2
Snyk
• added 2026/01/13 6:47 p.m. • 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the EnvoyExtensionPolicy resource. An attacker can execute arbitrary commands and access sensitive credentials by injecting malicious Lua scripts. This can lead to privilege escalation, theft of secrets, and...

9.2 CVSS · 7.9 AI score · 0.00005 EPSS
Exploits 1 · References 2
OSV
• added 2026/01/13 6:47 p.m. • 2 views

GHSA-XRWG-MQJ6-6M22 Envoy Extension Policy lua scripts injection causes arbitrary command execution

Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the EnvoyExtensionPolicy resource. Administrators can use Kubernetes RBAC to grant users the ability to create EnvoyExtensionPolicy resources. Lua scripts in policies are executed in two contexts: An...

8.8 CVSS · 7.9 AI score · 0.00005 EPSS
Exploits 1 · References 3
Positive Technologies
• added 2025/08/20 12:0 a.m. • 11 views

PT-2025-34070 · Undefined · Undefined

🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...

9.8 CVSS · 7.7 AI score · 0.0178 EPSS
Exploits 0 · References 1
Positive Technologies
• added 2025/08/20 12:0 a.m. • 13 views

PT-2025-34069 · Undefined · Undefined

🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...

9.8 CVSS · 7.7 AI score · 0.0178 EPSS
Exploits 0 · References 1
ATTACKERKB
• added 2025/06/24 6:15 p.m. • 3 views

CVE-2025-23260

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure...

5 CVSS · 5.8 AI score · 0.00169 EPSS
Exploits 0 · References 2
OSV
• added 2025/06/24 6:15 p.m. • 2 views

CVE-2025-23260

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure...

4.3 CVSS · 6.6 AI score
Exploits 0 · References 1
Snyk
• added 2025/05/06 12:42 a.m. • 1 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the security policies such as allowed-gadgets, disallow-pulling, and verify-image. An attacker can bypass these security measures by possessing the correct TLS certificates or having access to the Kubernet...

7.1 CVSS · 7 AI score
Exploits 0 · References 3
OSV
• added 2025/03/25 7:38 p.m. • 6 views

GO-2025-3521 Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes...

6.5 CVSS · 6.7 AI score · 0.00275 EPSS
Exploits 0 · References 4
SUSE CVE
• added 2025/01/30 3:47 a.m. • 2 views

SUSE CVE-2025-24030

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...

7.1 CVSS · 7.2 AI score · 0.00181 EPSS
Exploits 0 · References 3
Cvelist
• added 2021/11/17 6:26 p.m. • 13 views

CVE-2021-43979

Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...

5.6 AI score · 0.00227 EPSS
Exploits 0 · References 2
RedHat Linux
• added 2020/04/22 2:10 p.m. • 3 views

Ansible: kubectl connection plugin leaks sensitive information

A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw...

5.5 CVSS · 7.1 AI score · 0.00051 EPSS
Exploits 1 · References 4