CLEANSTART-2026-GZ35045 Security fixes for CVE-2024-36537, CVE-2025-47910, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2026-25518, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-gx3x-vq4p-mhhv, ghsa-hr2v-4r36-88hr, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2, ghsa-pjcq-xvwq-hhpj applied in versions: 2.4.0-r1, 2.4.0-r2, 2.4.0-r3

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: cilium-envoy, external-dns, kubernetes-csi-external-snapshotter, vault-k8s, incert, redpanda, flux-image-automation-controller, stern, seaweedfs, nri-elasticsearch, aws-signer-notation-plugin, oras, timoni, metacontroller, hubble-ui, nerdctl, crane, rancher-loglevel,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: cilium-envoy, external-dns, kubernetes-csi-external-snapshotter, vault-k8s, calico, incert, redpanda, flux-image-automation-controller, stern, seaweedfs, nri-elasticsearch, aws-signer-notation-plugin, oras, timoni, metacontroller, hubble-ui, nerdctl, crane,...

CLEANSTART-2026-OL32822 Security fixes for CVE-2024-36537, CVE-2025-47910, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2026-25518, ghsa-gx3x-vq4p-mhhv applied in versions: 2.4.0-r1, 2.4.0-r2

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: flux-kustomize-controller, pulumi-language-dotnet, crossplane-provider-aws-cloudfront, vcluster, trivy, pulumi-kubernetes-operator, flux-image-automation-controller, pulumi-language-yaml, cert-manager-cmctl, crossplane-provider-azure-managedidentity,...

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Vulnerabilities for packages: flux-kustomize-controller, pulumi-language-dotnet, crossplane-provider-aws-cloudfront, vcluster, trivy, pulumi-kubernetes-operator, flux-image-automation-controller, pulumi-language-yaml, cert-manager-cmctl, crossplane-provider-azure-managedidentity,...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: gitlab-operator, syft, gitea-fips, datadog-agent-fips, docker-fips, dagger, flux-helm-controller, gitaly-fips, guac, image-factory-fips, zarf, policy-controller-fips, kyverno-policy-reporter-plugins-kyverno-fips, hydra, reports-server, terraform, wal-g,...

CVE-2026-25518 vulnerabilities

Vulnerabilities for packages: percona-xtradb-cluster-operator-fips, gitlab-operator, percona-server-mongodb-operator, aws-privateca-issuer-fips, cert-manager-istio-csr, cert-manager-openshift-routes, opentelemetry-operator, cert-manager-webhook-pdns, cert-manager-webhook-pdns-fips,...

CVE-2026-25518 vulnerabilities

Vulnerabilities for packages: mariadb-operator, cert-manager-csi-driver, cert-manager-istio-csr, cert-manager-webhook-pdns, step-issuer, opentelemetry-operator, aws-privateca-issuer, percona-server-mongodb-operator, cert-manager-cmctl...

GHSA-GX3X-VQ4P-MHHV vulnerabilities

Vulnerabilities for packages: mariadb-operator, cert-manager-csi-driver, cert-manager-istio-csr, cert-manager-webhook-pdns, step-issuer, opentelemetry-operator, aws-privateca-issuer, percona-server-mongodb-operator, cert-manager-cmctl...

GHSA-G9Q4-QJX4-2V7Q vulnerabilities

Vulnerabilities for packages: flux-kustomize-controller, external-dns, headlamp, mc, cilium-cli, newrelic-fluent-bit-output, flux-image-automation-controller, steampipe, scorecard, terraform-provider-pagerduty, k3s, aws-flb-kinesis, spire-server, cosign, thanos-operator, rancher-helm, k8sgateway,...

CVE-2025-61726 vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner, flux-kustomize-controller, s5cmd, minio-operator, external-dns, crossplane-provider-aws-cloudfront, headlamp, vault-k8s, calico, kuberay-operator, flannel, gogatekeeper, docker-credential-gcr, cluster-autoscaler,...

GHSA-CM6P-QC7V-M3JW vulnerabilities

Vulnerabilities for packages: external-dns, vault-k8s, calico, flux-image-automation-controller, aws-signer-notation-plugin, timoni, metacontroller, hubble-ui, nerdctl, rancher-loglevel, nri-haproxy, telegraf, kubernetes-event-exporter, x509-certificate-exporter, net-kourier, kine,...

GHSA-XVQR-69V8-F3GV vulnerabilities

Vulnerabilities for packages: external-dns, vault-k8s, calico, flux-image-automation-controller, aws-signer-notation-plugin, timoni, metacontroller, hubble-ui, nerdctl, rancher-loglevel, nri-haproxy, telegraf, kubernetes-event-exporter, x509-certificate-exporter, net-kourier, kine,...

GHSA-GM9R-Q53W-2GH4 vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner, flux-kustomize-controller, s5cmd, minio-operator, external-dns, crossplane-provider-aws-cloudfront, headlamp, vault-k8s, calico, kuberay-operator, flannel, gogatekeeper, docker-credential-gcr, cluster-autoscaler,...

GHSA-GR56-3GP6-6GMJ vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner, flux-kustomize-controller, s5cmd, minio-operator, external-dns, crossplane-provider-aws-cloudfront, headlamp, vault-k8s, calico, kuberay-operator, flannel, gogatekeeper, docker-credential-gcr, rabbitmq-default-user-credential-updater,...

CLEANSTART-2026-OH86281 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CLEANSTART-2026-LL43287 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CLEANSTART-2026-EJ58111 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CVE-2024-12401 vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr, cert-manager-webhook-pdns, step-issuer, aws-privateca-issuer, cert-exporter, cert-manager-cmctl...