1182 matches found
CVE-2026-50195
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...
CVE-2026-50195
Containerd CVE-2026-50195 affects CRI checkpoint import: unvalidated image references in a checkpoint config allow an attacker with pod-creation permissions to trigger pulling a malicious image and assign it a local tag, poisoning the node’s local image cache. Subsequent pods on the same node usi...
CVE-2026-50195 containerd: CRI checkpoint import allows local image tag poisoning
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...
PT-2026-54763
Name of the Vulnerable Software and Affected Versions Rancher Fleet affected versions not specified Description An authentication bypass exists in the webhook component. Additionally, a Pod Security Standard PSS bypass can be achieved through the manipulation of namespace labels. Recommendations ...
GHSA-M63V-2G9W-2W6V Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
Summary A follow-up bypass of the round-4 PodSpec hardening GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92. Those advisories validate and sanitize the PodSpec spec.runtime.podSpec / spec.builder.podSpec / function.spec.podSpec, but the Environment CRD also exposes...
EUVD-2026-36101
Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...
GHSA-GX55-F84R-V3R7 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Summary Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podsp...
EUVD-2026-36098
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover...
GHSA-VJHC-CF4P-72Q4 Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
Summary Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. Details An attacker with packages.fission.io/create in their own namespace could set spec.environment.namespace to any other tenant's...
CVE-2026-44947
CVE-2026-44947 describes a missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher, affecting versions 2.13.0–2.13.7 and 2.14.0–2.14.3. The issue allows users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those per...
CVE-2026-44947 Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
A missing clean-up in the legacy Project Role Template Binding PRTB reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission PSA permissions after an administrator removes those permissions from a RoleTemplate...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation CVE-2026-31488 kernel: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach CVE-2026-43038 kernel: netfilter: flowtabl...
CVE-2026-13434 Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...
CVE-2026-13325
The CVE-2026-13325 issue affects KubeVirt’s migration proxy. When spec.configuration.migrations.disableTLS is set to true, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener ...
GO-2026-5638 Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations in github.com/kata-containers/kata-containers
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations in github.com/kata-containers/kata-containers...
CVE-2026-56769
Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...
GO-2026-5148 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller in github.com/argoproj/argo-workflows
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller in github.com/argoproj/argo-workflows...
CVE-2026-56769 Huly Platform - Server-Side Request Forgery via /import Endpoint
Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...
CVE-2026-13201
A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...
CVE-2026-13201 Kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level vm disruption
A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...