
53 matches found

Vulnrichment
added 2026/05/04 4:37 p.m., 4 views

CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

CVSS 9.9 | AI score 5.7 | EPSS 0.00431
Exploits 0 | References 1
Cvelist
added 2026/05/04 4:37 p.m., 26 views

CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

CVSS 9.9 | EPSS 0.00431
Exploits 0 | References 1
EUVD
added 2026/05/04 4:37 p.m., 3 views

EUVD-2026-27038

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

CVSS 9.9 | AI score 5.7 | EPSS 0.00431
Exploits 0 | References 1
NVD
added 2026/04/24 4:16 a.m., 3 views

CVE-2026-41485

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

CVSS 7.7 | EPSS 0.00369
Exploits 1 | References 3
EUVD
added 2026/04/14 10:37 p.m., 6 views

EUVD-2026-17241

Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access...

CVSS 9.8 | AI score 6 | EPSS 0.00705
Exploits 0 | References 7
Github Security Blog
added 2026/04/14 10:37 p.m., 5 views

Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access

Summary: A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library (pkg/cel/libs/http/) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in...

CVSS 9.8 | AI score 6.2 | EPSS 0.00705
Exploits 0 | References 5 | Affected Software 1
Snyk
added 2026/03/30 10:36 p.m., 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfiltrate sensitive information (AWS IAM credentials, GCP tokens) by crafting...

CVSS 9.8 | AI score 5.6 | EPSS 0.00705
Exploits 0 | References 2
Snyk
added 2026/03/30 10:36 p.m., 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfiltrate sensitive information (AWS IAM credentials, GCP tokens) by crafting...

CVSS 9.8 | AI score 5.6 | EPSS 0.00705
Exploits 0 | References 2
Snyk
added 2026/03/30 10:36 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfiltrate sensitive information (AWS IAM credentials, GCP tokens) by crafting...

CVSS 9.8 | AI score 5.6 | EPSS 0.00705
Exploits 0 | References 2
CERT
added 2026/03/30 12:00 a.m., 7 views

Kyverno is vulnerable to server-side request forgery (SSRF)

Overview: Kyverno, versions 1.16.0 to present, contains an SSRF vulnerability in its CEL-based HTTP functions, which lack URL validation or namespace scoping and allow namespaced policies to trigger arbitrary internal HTTP requests. An attacker with only namespace-level permissions can exploit thi...

CVSS 9.8 | AI score 6.1 | EPSS 0.00705
Exploits 0 | References 3
RedhatCVE
added 2026/01/22 11:24 p.m., 4 views

CVE-2026-23990

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

CVSS 5.3 | AI score 5.8 | EPSS 0.00303
Exploits 0 | References 1
RedhatCVE
added 2025/10/13 6:20 a.m., 13 views

CVE-2025-62162

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVSS 7.5 | AI score 6.8 | EPSS 0.00323
Exploits 0 | References 1
vulnersOsv
added 2025/10/11 1:30 a.m., 0 views

proto-types (>=0.1.0 <=0.1.1), protocheck-core (>=0.1.0 <=0.1.11) potentially affected by CVE-2025-62162 via cel (=0.11.0)

cel CARGO version =0.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on cel and may be impacted: - proto-types =0.1.0, =0.1.0, =0.1.11 Source cves: CVE-2025-62162 Source advisory: OSV:GHSA-WXWX-9FH7-5MRW...

CVSS 7.5 | AI score 5.8 | EPSS 0.00323
Exploits 0
OSV
added 2025/10/11 1:30 a.m., 2 views

GHSA-WXWX-9FH7-5MRW cel-rust May Panic During Parsing of Invalid CEL Expressions

Summary: Parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Remediation: Upgrade to...

CVSS 7.5 | AI score 7 | EPSS 0.00323
Exploits 0 | References 5
EUVD
added 2025/10/11 1:30 a.m., 3 views

EUVD-2025-33786

cel-rust May Panic During Parsing of Invalid CEL Expressions...

CVSS 7.5 | AI score 6.4 | EPSS 0.00323
Exploits 0 | References 4
NVD
added 2025/10/10 11:15 p.m., 7 views

CVE-2025-62162

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVSS 7.5 | EPSS 0.00323
Exploits 0 | References 2
CVE
added 2025/10/10 10:25 p.m., 11 views

CVE-2025-62162

CVE-2025-62162 — cel-rust DoS via malformed CEL expressions. The vulnerability affects the CEL interpreter written in Rust, specifically versions 0.10.0 up to but not including 0.11.4. Parsing certain malformed CEL expressions can cause the parser to panic and terminate the process, enabling a denial of ...

CVSS 7.5 | AI score 6.4 | EPSS 0.00323
Exploits 0 | References 2
Vulnrichment
added 2025/10/10 10:25 p.m., 3 views

CVE-2025-62162 cel-rust May Panic During Parsing of Invalid CEL Expressions

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVSS 7.5 | AI score 6.4 | EPSS 0.00323
Exploits 0 | References 2
Cvelist
added 2025/10/10 10:25 p.m., 9 views

CVE-2025-62162 cel-rust May Panic During Parsing of Invalid CEL Expressions

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVSS 7.5 | EPSS 0.00323
Exploits 0 | References 2
Positive Technologies
added 2025/10/10 12:00 a.m., 5 views

PT-2025-41615

Name of the Vulnerable Software and Affected Versions: cel-rust versions 0.10.0 through 0.11.3. Description: cel-rust is a Common Expression Language interpreter written in Rust. Parsing specific, malformed Common Expression Language (CEL) expressions can cause the parser to terminate unexpectedly. If...

CVSS 7.5 | AI score 6.6 | EPSS 0.00323
Exploits 0 | References 12