21 matches found
GHSA-M8XG-8XG9-MXHM Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project
This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths (PUT /api/projects/id, DELETE /api/projects) and modify or delete any project along with all its...
Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project
This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths (PUT /api/projects/id, DELETE /api/projects) and modify or delete any project along with all its...
PT-2026-46308
This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths (PUT /api/projects/id, DELETE /api/projects) and modify or delete any project along with all its...
CVE-2026-45730
creationtimestamp | type | source
---|---|---
2026-06-01 13:44:26+00:00 | published-proof-of-concept | https://github.com/nuclio/nuclio/security/advisories/GHSA-m8xg-8xg9-mxhm...
SUSE CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
GO-2026-4598 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation in github.com/nuclio/nuclio
Nuclio Shell Runtime Command Injection Leading to Privilege Escalation in github.com/nuclio/nuclio. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
CVE-2026-29042
Technical details about CVE-2026-29042 are not publicly available in the provided connected documents; the included SUSE/PTSecurity items do not discuss Nuclio. Monitor for updates.
CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
Nuclio Security Vulnerability
Nuclio is an open-source data processing framework developed by Nuclio. Versions of Nuclio prior to 1.15.20 contained security vulnerabilities. These vulnerabilities stemmed from the Shell Runtime component, which allowed command injection when processing parameters provided by users. This could...
GHSA-95FJ-3W7G-4R27 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Summary: This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Overview: Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in the processing of the X-Nuclio-Arguments HTTP header, which is incorporated into shell commands without validation or sanitization. An attacker can...
Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Summary: This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin...
PT-2026-23091
Name of the Vulnerable Software and Affected Versions: Nuclio versions prior to 1.15.20 Description: Nuclio's Shell Runtime component contains a command injection issue. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into she...
CVE-2025-23045 CVAT allows remote code execution via tracker Nuclio functions
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run...
PT-2025-4790
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool (CVAT) versions prior to 2.26.0 Description: The issue allows an attacker with an account on an affected CVAT instance to run arbitrary code in the context of the Nuclio function container. This affects CVAT...