6 matches found
CVE-2026-41184
In Calico, the install-cni init container logs the rendered CNI configuration and, when the template uses the SERVICEACCOUNT_TOKEN placeholder (Canal/Flannel-Calico deployments), substitutes the live Kubernetes ServiceAccount bearer token for logging. This exposes the token to any authenticated u...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation. An attacker with create pod permission could access local git repositories belonging to other pods on the same node by exploiting this vulnerability. Notes: 1. This is only exploitable if the cluster still uses...
PT-2025-11205 · Unknown · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes (affected versions not specified). Description: The issue affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has...
How to Make Veeam Kasten for Kubernetes Grafana Pod rootless
Purpose: This article explains how to disable init-container in k10-grafana to run it as rootless. Cause: Veeam Kasten for Kubernetes installation provides an instance of Grafana that is deployed automatically and can be used to query metrics from Kasten's Prometheus instance. This Grafana pod is r...
Design/Logic Flaw
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...
SUSE CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is...