
6 matches found

EUVD
added 2026/05/27 8:56 p.m. | 8 views

EUVD-2026-32666

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

CVSS 6.8 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 1
OSV
added 2026/05/08 8:44 p.m. | 5 views

GHSA-8WXP-XXP2-RCGX: Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size

Impact: The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook...

CVSS 6.8 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 3
Snyk
added 2026/03/18 4:41 a.m. | 4 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

CVSS 7.1 | AI score 6 | EPSS 0.00297
Exploits: 1 | References: 2
NVD
added 2025/08/13 5:15 p.m. | 4 views

CVE-2025-2182

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages...

CVSS 5.6 | EPSS 0.00109
Exploits: 0 | References: 1
Veracode
added 2022/03/16 7:26 a.m. | 12 views

Improper Authorization

org.cometd.java:cometd-java-oort is vulnerable to improper authorization. Remote attackers are able to subscribe and publish to Oort and Seti channels due to improper authorization, allowing interception of internal cluster traffic. As a result the remote attackers are able to create/modify/delet...

CVSS 8.1 | AI score 5.2 | EPSS 0.01101
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2020/12/07 8:21 p.m. | 40 views

CVE-2020-8554

A flaw was found in Kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. Mitigation: ExternalIP addresses ranges can be configured as described below. OCP 4 is secure by default, though...

CVSS 6.3 | EPSS 0.09274
Exploits: 3 | References: 5