65 matches found
CVE-2026-13434
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...
EUVD-2026-39796
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...
CVE-2026-13434 Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...
CVE-2026-13434
CVE-2026-13434 affects KubeVirt’s network annotation generator used when provisioning VirtualMachineInstance with Multus networks. The flaw writes the supplied networkName verbatim into the v1.multus-cni.io/default-network annotation without format validation or sanitization, with only an empty-s...
CVE-2026-13434
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...
PT-2026-52848
Name of the Vulnerable Software and Affected Versions KubeVirt versions 1.8.0 and later Description A flaw exists in the network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the networkName value is written directly into the launcher...
CVE-2026-39821 affecting package multus for versions less than 4.0.2-8
CVE-2026-39821 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...
CVE-2026-27136 affecting package multus for versions less than 4.0.2-8
CVE-2026-27136 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...
CVE-2026-42506 affecting package multus for versions less than 4.0.2-8
CVE-2026-42506 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...
CVE-2025-58190 affecting package multus for versions less than 4.0.2-7
CVE-2025-58190 affecting package multus for versions less than 4.0.2-7. A patched version of the package is available...
CVE-2025-47911 affecting package multus for versions less than 4.0.2-7
CVE-2025-47911 affecting package multus for versions less than 4.0.2-7. A patched version of the package is available...
CVE-2025-47911 affecting package multus for versions less than 4.0.2-10
CVE-2025-47911 affecting package multus for versions less than 4.0.2-10. A patched version of the package is available...
CVE-2025-58190 affecting package multus for versions less than 4.0.2-10
CVE-2025-58190 affecting package multus for versions less than 4.0.2-10. A patched version of the package is available...
AZL-77040 CVE-2025-58190 affecting package multus 4.0.2-6
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76965 CVE-2025-58190 affecting package multus for versions less than 4.0.2-10
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77036 CVE-2025-47911 affecting package multus 4.0.2-6
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76962 CVE-2025-47911 affecting package multus for versions less than 4.0.2-10
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CLEANSTART-2026-EW68942 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the multus-cni-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-DD39330 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the multus-cni-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
Azure Linux 3.0 Security Update: multus (CVE-2020-28852)
The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28852 advisory. - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage whil...