EUVD-2026-31268
Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...
CVE-2025-12103
CVE-2025-12103 affects Red Hat OpenShift AI Service (TrustyAI). The component creates a role trustyai-service-operator-lmeval-user-role and a ClusterRoleBinding trustyai-service-operator-default-lmeval-user-rolebinding applied to system:authenticated, granting every authenticated user/service acc...
CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
A flaw was found in Red Hat OpenShift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
Internet Bug Bounty: Argo CD reconciles apps outside configured namespaces when sharding is enabled
An authorization bypass vulnerability was found in Argo CD versions 2.5.0-rc1 and later, allowing a malicious user to deploy applications outside of the configured allowed namespaces when sharding is enabled. The vulnerability was triggered when an application was updated, and the controller...