CLEANSTART-2026-GZ35045 Security fixes for CVE-2024-36537, CVE-2025-47910, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2026-25518, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-gx3x-vq4p-mhhv, ghsa-hr2v-4r36-88hr, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2, ghsa-pjcq-xvwq-hhpj applied in versions: 2.4.0-r1, 2.4.0-r2, 2.4.0-r3

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-csi-external-snapshotter, infinispan-operator, kubernetes-dashboard-metrics-scraper, eksctl, mc, flux-operator, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, sftpgo, kubernetes-dashboard-web,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-csi-external-snapshotter, infinispan-operator, kubernetes-dashboard-metrics-scraper, eksctl, mc, flux-operator, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, kubeflow-katib, sftpgo,...

CLEANSTART-2026-OL32822 Security fixes for CVE-2024-36537, CVE-2025-47910, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2026-25518, ghsa-gx3x-vq4p-mhhv applied in versions: 2.4.0-r1, 2.4.0-r2

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Vulnerabilities for packages: gptscript, vcluster, wolfictl, pulumi-language-dotnet, boring-registry, docker, pulumi-kubernetes-operator, rclone, opentofu, argo-rollouts, datadog-agent, flux-kustomize-controller, cerbos, cilium-cli, crossplane-provider-aws-sns, crossplane-provider-aws-elasticache...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: gptscript, vcluster, wolfictl, pulumi-language-dotnet, boring-registry, docker, pulumi-kubernetes-operator, rclone, opentofu, argo-rollouts, datadog-agent, flux-kustomize-controller, cerbos, cilium-cli, crossplane-provider-aws-sns, crossplane-provider-aws-elasticache...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: trivy, reports-server, datadog-agent, nuclei, cert-manager-cmctl, crossplane-provider-azure-managedidentity, terragrunt, livekit-cli, atlantis, gitlab-runner, crossplane-provider-aws-cloudwatchlogs-fips, scorecard, crossplane-provider-aws-route53-fips,...

CVE-2026-25518 vulnerabilities

Vulnerabilities for packages: cert-manager-csi-driver, percona-server-mongodb-operator, cert-manager-cmctl, mariadb-operator-fips, cert-manager-openshift-routes, step-issuer, cert-manager-google-cas-issuer, aws-privateca-issuer, mariadb-operator, percona-server-mongodb-operator-fips,...

CVE-2026-25518 vulnerabilities

Vulnerabilities for packages: step-issuer, mariadb-operator, aws-privateca-issuer, cert-manager-istio-csr, cert-manager-cmctl, cert-manager-webhook-pdns, cert-manager-csi-driver, opentelemetry-operator, percona-server-mongodb-operator...

GHSA-GX3X-VQ4P-MHHV vulnerabilities

Vulnerabilities for packages: step-issuer, mariadb-operator, aws-privateca-issuer, cert-manager-istio-csr, cert-manager-cmctl, cert-manager-webhook-pdns, cert-manager-csi-driver, opentelemetry-operator, percona-server-mongodb-operator...

GHSA-G9Q4-QJX4-2V7Q vulnerabilities

Vulnerabilities for packages: k8sgateway, kube-arangodb, telegraf, kine, eksctl, redis-operator, runc, redka, external-secrets-operator, prometheus, mc, thanos-operator, falco-no-driver, ferretdb, kubernetes-dns-node-cache, flux-image-automation-controller, dask-gateway, hubble, kubo, argo-cd,...

GHSA-GR56-3GP6-6GMJ vulnerabilities

Vulnerabilities for packages: cluster-api-ipam-provider-in-cluster, tofu-controller, gke-gcloud-auth-plugin, secrets-store-csi-driver-provider-aws, gptscript, kube-arangodb, kubernetes-dashboard-metrics-scraper, telegraf, undock, eksctl, volume-modifier-for-k8s, mc, local-path-provisioner,...

GHSA-XVQR-69V8-F3GV vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, gptscript, kubernetes-dashboard-metrics-scraper, eksctl, mc, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, goreleaser, kubelet-csr-approver, tfsec, dockerize, newrelic-infra-operator, ferretdb, contour, hubble,...

GHSA-GM9R-Q53W-2GH4 vulnerabilities

Vulnerabilities for packages: cluster-api-ipam-provider-in-cluster, tofu-controller, gke-gcloud-auth-plugin, secrets-store-csi-driver-provider-aws, gptscript, kube-arangodb, kubernetes-dashboard-metrics-scraper, telegraf, undock, eksctl, volume-modifier-for-k8s, mc, local-path-provisioner,...

GHSA-CM6P-QC7V-M3JW vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, gptscript, kubernetes-dashboard-metrics-scraper, eksctl, mc, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, goreleaser, kubelet-csr-approver, tfsec, dockerize, newrelic-infra-operator, ferretdb, contour, hubble,...

CVE-2025-61726 vulnerabilities

Vulnerabilities for packages: cluster-api-ipam-provider-in-cluster, tofu-controller, gke-gcloud-auth-plugin, secrets-store-csi-driver-provider-aws, gptscript, kube-arangodb, kubernetes-dashboard-metrics-scraper, telegraf, undock, eksctl, volume-modifier-for-k8s, mc, local-path-provisioner,...

CLEANSTART-2026-OH86281 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CLEANSTART-2026-LL43287 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CLEANSTART-2026-EJ58111 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CVE-2024-12401 vulnerabilities

Vulnerabilities for packages: step-issuer, aws-privateca-issuer, cert-manager-istio-csr, cert-manager-cmctl, cert-manager-webhook-pdns, cert-exporter...