4 matches found
SUSE CVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
CVE-2026-26055
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
CVE-2026-26055
Summary: CVE-2026-26055 affects the Yoke ATC (Air Traffic Controller) component in 0.19.0 and earlier. The ATC webhook endpoints are unauthenticated, allowing any pod in the cluster network to send AdmissionReview requests directly to the webhook, bypassing Kubernetes API Server authentication. T...
yoke 代η 注ε ₯ζΌζ΄
Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...