64 matches found
Shopper: Authorization bypass and RBAC privilege escalation in team settings
Impact Two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system: - Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users,...
CVE-2026-42999
A flaw was found in OpenStack Keystone. This vulnerability allows an authenticated user to bypass Role-Based Access Control RBAC checks by injecting arbitrary policy target attributes into the request body. This enables the user to perform unauthorized operations on resources belonging to other...
CVE-2026-41014
Apache Airflow vulnerability CVE-2026-41014 affects the partitioned_dag_runs endpoints in the UI. The issue arises from enforcing only asset-level access control, enabling an authenticated UI/API user with global Asset:read permission to enumerate partition run state, schedule configuration, and ...
CVE-2026-10101
ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...
CVE-2026-10101
ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...
PT-2026-44890
ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...
CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
PT-2026-38402
Name of the Vulnerable Software and Affected Versions etcd versions prior to 3.4.44 etcd versions prior to 3.5.30 etcd versions prior to 3.6.11 Description etcd is a distributed key-value store for distributed system data. A flaw allows authenticated users without sufficient read or lease-related...
SUSE CVE-2026-41068
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability - the...
CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...
CVE-2026-41068
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...
EUVD-2026-25382
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...
PT-2026-34843
Name of the Vulnerable Software and Affected Versions Kyverno versions prior to 1.17.2 Description A flaw in the ConfigMap context loader allows for cross-namespace privilege escalation. The configMap.namespace field lacks validation, enabling a namespace administrator to read ConfigMaps from any...
Improper Authentication And Authorization
kubevirt.io/kubevirt is vulnerable to improper authentication and authorization. The vulnerability is due to improper validation of the Common Name CN field in client TLS certificates during mTLS authentication, which allows an attacker to bypass RBAC controls by impersonating the Kubernetes API...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-100 (ALASECS-2026-100)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-100 advisory. Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1532)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1532 advisory. Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it...
DEBIAN-CVE-2026-33343
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...
CVE-2026-33343
etcd: Nested transactions bypass RBAC checks allow an authenticated user with restricted key-range permissions to bypass key-level authorization and access the entire data store. Affected versions are prior to 3.4.42, 3.5.28, and 3.6.9. A patch exists in these series; upgrading to 3.4.42, 3.5.28,...
CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...
CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...