
52 matches found

SUSE CVE
added 5 days ago, 1 view

SUSE CVE-2025-24784

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it's considere...

CVSS 4.3, AI score 7, EPSS 0.00067
Exploits 0, References 3
Vulnrichment
added 2026/05/12 5:57 p.m., 9 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , an attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes use of the can_i host callback. The callback issues SubjectAccessReview (SAR) requests to enumerate...

CVSS 4.3, AI score 5.8, EPSS 0.00023
Exploits 0, References 1
Cvelist
added 2026/05/12 5:57 p.m., 26 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , an attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes use of the can_i host callback. The callback issues SubjectAccessReview (SAR) requests to enumerate...

CVSS 4.3, EPSS 0.00023
Exploits 0, References 1
CNNVD
added 2026/05/12 12:0 a.m., 5 views

SUSE kubewarden security vulnerability

SUSE kubewarden is a policy engine developed by the German company SUSE. SUSE kubewarden has security vulnerabilities. These vulnerabilities stem from attackers who have privileges as AdmissionPolicy or AdmissionPolicyGroup and can exploit the can_i host callback. This callback directly executes...

CVSS 4.3, AI score 5.8, EPSS 0.00023
Exploits 0, References 2
OSV
added 2026/05/05 9:49 p.m., 1 view

GHSA-WQCW-G35J-J578 Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call

Impact: Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manne...

CVSS 4.3, AI score 5.8, EPSS 0.00023
Exploits 0, References 7
Snyk
added 2026/05/05 9:49 p.m., 4 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the can_i callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

CVSS 5.3, AI score 5.8, EPSS 0.00023
Exploits 0, References 2
Snyk
added 2026/05/05 9:49 p.m., 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the can_i callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

CVSS 5.3, AI score 5.8, EPSS 0.00023
Exploits 0, References 2
Positive Technologies
added 2026/05/05 12:0 a.m., 6 views

PT-2026-37269

Name of the Vulnerable Software and Affected Versions: Kubewarden versions prior to 1.35.0. Description: An attacker with permissions to create AdmissionPolicy or AdmissionPolicyGroup can craft a policy using the can_i host callback to enumerate RBAC permissions of any user or service account across...

CVSS 4.3, AI score 5.8, EPSS 0.00023
Exploits 0, References 9
SUSE CVE
added 2026/03/25 12:25 a.m., 1 view

SUSE CVE-2026-29773

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner,...

CVSS 4.3, AI score 5.9, EPSS 0.00036
Exploits 0, References 3
OSV
added 2026/03/11 4:0 p.m., 2 views

GO-2026-4652 Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding in github.com/kubewarden/kubewarden-controller

Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding in github.com/kubewarden/kubewarden-controller...

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 4
RedhatCVE
added 2026/03/11 7:8 a.m., 3 views

CVE-2026-29773

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner,...

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 1
NVD
added 2026/03/10 5:39 p.m., 2 views

CVE-2026-29773

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner,...

CVSS 4.3, EPSS 0.00036
Exploits 0, References 3
CNNVD
added 2026/03/10 12:0 a.m., 2 views

SUSE kubewarden security vulnerability

SUSE Kubewarden is a policy engine developed by the German company SUSE. There is a security vulnerability in Kubewarden, which allows attackers with specific permissions to deploy policies using deprecated host callback APIs. This vulnerability may lead to the reading of Ingresses, Namespaces, a...

CVSS 4.3, AI score 7.2, EPSS 0.00036
Exploits 0, References 4
CVE
added 2026/03/09 10:23 p.m., 6 views

CVE-2026-29773

Technical details for CVE-2026-29773 are not provided in the connected documents. The available materials mention read-only access via deprecated APIs but do not specify affected versions, fixes, or explicit exploit details.

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/03/09 10:23 p.m., 0 views

CVE-2026-29773 kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner,...

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 3
OSV
added 2026/03/09 5:28 p.m., 1 view

GHSA-6R7F-3FWQ-HQ74 Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding

Impact: Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manne...

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 5
EUVD
added 2026/03/09 5:28 p.m., 2 views

EUVD-2026-10411

Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding...

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 3
EUVD
added 2026/03/09 5:28 p.m., 3 views

EUVD-2026-10410

Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding...

CVSS 4.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-26779

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.7, EPSS 0.00319
Exploits 0, References 1
BDU FSTEC
added 2025/06/05 12:0 a.m., 1 view

The vulnerability of the AdmissionPolicy and AdmissionPolicyGroup settings of the Kubernetes cluster’s kubewarden-controller controller allows a malicious actor to gain unauthorized access to modify data or expose protected information.

The vulnerability of the AdmissionPolicy and AdmissionPolicyGroup settings in the Kubernetes cluster kubewarden-controller is related to improper authorization. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to modify data or expose sensitive...

CVSS 6.5, AI score 7, EPSS 0.00067
Exploits 0, References 6, Affected Software 1