CVE-2026-29954
CVE-2026-29954 affects KubePlus 4.1.4, specifically the mutating webhook and kubeconfiggenerator. The vulnerability arises when processing the chartURL field of ResourceComposition resources: the value is only URL-encoded and not validated, enabling SSRF. More critically, kubeconfiggenerator conc...