48 matches found

RedhatCVE
added last week, 5 views

CVE-2026-44424

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user (JWT or API key) who knows or can guess a device UID...

CVSS 6.5, AI score 5.5, EPSS 0.00035
Exploits: 1, References: 1
Veracode
added 2026/05/16 8:30 a.m., 7 views

Authorization Bypass

Kyverno is vulnerable to Authorization Bypass. The vulnerability is due to a critical authorization boundary bypass in namespaced Kyverno Policy apiCall, where the resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited t...

CVSS 9.9, AI score 7.5, EPSS 0.00026
Exploits: 1, References: 3, Affected Software: 1
Veracode
added 2026/05/15 11:37 a.m., 8 views

Improper Network Access Control

github.com/ctfer-io/fullchain is vulnerable to improper network access control. The vulnerability is due to a misconfigured inter-namespace NetworkPolicy, which allows a malicious actor to pivot from a compromised application to Pods outside the original namespace...

CVSS 9.8, AI score 6.4, EPSS 0.00028
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/05/11 12:00 a.m., 6 views

External Secrets authorization issue vulnerability

External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of External Secrets prior to 2.4.0 had an authorization issue vulnerability. This vulnerability stemmed from the use of CAProvider for the SecretStore resource, allowing it to resolve CA...

CVSS 5.3, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 1
Snyk
added 2026/05/05 6:37 p.m., 5 views

Exposure of Resource to Wrong Sphere

Overview: Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the CAProvider configuration process for SecretStore resources when resolving ConfigMaps across namespaces. An attacker can access CA material from another namespace by specifying the...

CVSS 5.3, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 3
Positive Technologies
added 2026/05/05 12:00 a.m., 6 views

PT-2026-37287

Name of the Vulnerable Software and Affected Versions: External Secrets Operator versions prior to 2.4.0. Description: Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from a different namespace when the caProvider.namespace variable was set. This...

CVSS 5.3, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 4
Snyk
added 2026/04/24 8:12 p.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...

CVSS 6.4, AI score 5.3, EPSS 0.00013
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/24 3:14 a.m., 1 view

CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

CVSS 9.9, AI score 7.5, EPSS 0.00038
Exploits: 2, References: 3, Affected Software: 1
Snyk
added 2026/04/09 6:10 p.m., 5 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

CVSS 8.2, AI score 5.7, EPSS 0.00015
Exploits: 0, References: 2
Positive Technologies
added 2026/04/01 12:00 a.m., 4 views

PT-2026-29583

Name of the Vulnerable Software and Affected Versions: Temporal Server versions 1.29.0 and later. Description: A user with a writer role in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the...

CVSS 2.3, AI score 6, EPSS 0.00058
Exploits: 0, References: 6
CVE
added 2026/03/26 9:48 p.m., 7 views

CVE-2025-12805

CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator where Llama Stack services deployed in different namespaces can be accessed via direct network requests because no NetworkPolicy restricts the llama-stack service endpoint. This allows a user in one namespace to ...

CVSS 8.1, AI score 7, EPSS 0.00016
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB
added 2026/03/26 9:48 p.m., 0 views

CVE-2025-12805

A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...

CVSS 8.1, AI score 7, EPSS 0.00016
Exploits: 1, References: 5
Vulnrichment
added 2026/03/26 9:48 p.m., 1 view

CVE-2025-12805 Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy

A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...

CVSS 8.1, AI score 7, EPSS 0.00016
Exploits: 1, References: 4
CNNVD
added 2026/03/26 12:00 a.m., 4 views

Llama Stack security vulnerability

Llama Stack is a core building block for simplified artificial intelligence application development, open-sourced by Meta Llama. There is a security vulnerability in Llama Stack, which stems from the lack of network policy restrictions on access to the llama-stack server endpoints. This...

CVSS 8.1, AI score 7.1, EPSS 0.00016
Exploits: 1, References: 4
Snyk
added 2026/03/16 8:45 p.m., 4 views

Improper Restriction of Communication Channel to Intended Endpoints

Overview: Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to a misconfigured NetworkPolicy inter-ns. An attacker can gain unauthorized access to resources in other namespaces by exploiting an overly permissive network...

CVSS 10, AI score 5.9, EPSS 0.00023
Exploits: 0, References: 2
Snyk
added 2026/03/16 8:45 p.m., 0 views

Improper Restriction of Communication Channel to Intended Endpoints

Overview: Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to an improperly configured NetworkPolicy inter-ns. An attacker can gain unauthorized access to resources in other namespaces by exploiting the misconfiguration,...

CVSS 10, AI score 5.9, EPSS 0.00065
Exploits: 0, References: 2
Snyk
added 2026/03/16 8:45 p.m., 1 view

Improper Restriction of Communication Channel to Intended Endpoints

Overview: Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to an improperly configured NetworkPolicy inter-ns. An attacker can gain unauthorized access to resources in other namespaces by exploiting the misconfiguration,...

CVSS 10, AI score 5.9, EPSS 0.00065
Exploits: 0, References: 2
Positive Technologies
added 2026/03/16 12:00 a.m., 2 views

PT-2026-25861

Name of the Vulnerable Software and Affected Versions: Fullchain versions prior to 0.1.1. Description: Fullchain is a platform for deploying CTF (Capture The Flag) environments. A misconfigured NetworkPolicy allows a malicious actor to move laterally from a compromised application to any Pod in a...

CVSS 7.1, AI score 5.9, EPSS 0.00028
Exploits: 1, References: 10
CVE
added 2026/03/13 9:27 p.m., 12 views

CVE-2026-32720

The CVE affects the github.com/ctfer-io/monitoring component. Root cause: a mis-written NetworkPolicy allowed a malicious actor to pivot from one component to another namespace, breaking security-by-default and enabling lateral movement. The vulnerability exists prior to version 0.2.1 and is addr...

CVSS 7.1, AI score 5.8, EPSS 0.00061
Exploits: 0, References: 1
Snyk
added 2026/03/13 8:58 p.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to a misconfigured NetworkPolicy. An attacker can gain unauthorized access to resources in other namespaces by exploiting the overly permissive network policy configuration. Workaround: This vulnerability can ...

CVSS 9, AI score 5.8, EPSS 0.00061
Exploits: 0, References: 2