Lucene search

9 matches found

OSV
added 2026/04/10 12:37 a.m., 0 views

CLEANSTART-2026-AY21238 security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion

Security vulnerability affects the kubernetes-dns-node-cache package. A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion...

CVSS 9.8, AI score 6.6, EPSS 0.00007
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-7150

Malicious code in bioql PyPI...

CVSS 3.1, AI score 4.9, EPSS 0.00007
Exploits 0, References 4
Veracode
added 2024/05/10 8:25 a.m., 17 views

Information Disclosure

github.com/projectcalico/calico is vulnerable to Information Disclosure. The vulnerability is due to a compromised pod with sufficient privilege being able to reconfigure the node’s IPv6 interface, as the node accepts route advertisement by default, allowing the attacker to redirect full or parti...

CVSS 6, AI score 6.9, EPSS 0.00214
Exploits 0, References 5, Affected Software 1
OSV
added 2022/06/07 12:0 a.m., 15 views

GHSA-9394-XFQ9-6QRP Calico vulnerable to pod route hijacking

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

CVSS 5.5, AI score 5.4, EPSS 0.0028
Exploits 0, References 3
NVD
added 2022/06/06 6:15 p.m., 11 views

CVE-2022-28224

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

CVSS 5.5, EPSS 0.0028
Exploits 0, References 1
GitHub Security Blog
added 2022/02/15 1:57 a.m., 22 views

Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico

Clusters using Calico version 3.14.0 and below, Calico Enterprise version 2.8.2 and below, may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...

CVSS 6, AI score 4.5, EPSS 0.00214
Exploits 0, References 7, Affected Software 1
OSV
added 2022/02/15 1:57 a.m., 21 views

GHSA-PF59-J7C2-RH6X Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico

Clusters using Calico version 3.14.0 and below, Calico Enterprise version 2.8.2 and below, may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...

CVSS 6, AI score 4.6, EPSS 0.00214
Exploits 0, References 7
IBM Security Bulletins
added 2020/06/24 4:32 p.m., 24 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a vulnerability in CNI IPv6 route advertisement (CVE-2020-13597)

Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in CNI IPv6 route advertisement that could allow the attacker to redirect full or partial network traffic from the node to the compromised pod within the cluster. CVE-2020-13597. Vulnerability Details: CVEID: CVE-2020-13597...

CVSS 6, EPSS 0.00214
Exploits 0, Affected Software 1
OSV
added 2020/06/03 5:15 p.m., 13 views

CVE-2020-13597

Clusters using Calico version 3.14.0 and below, Calico Enterprise version 2.8.2 and below, may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...

CVSS 3.5, AI score 6.7
Exploits 0, References 3