955 matches found
CVE-2026-56219
Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...
CVE-2026-56247
Capgo prior to version 12.128.2 contains a privilege-escalation flaw where org admins can assign org-scoped RBAC roles at the app scope without validating role-scope compatibility, including assignments to pending invitees . Attackers can pre-seed malformed high-privilege bindings that survive in...
CVE-2026-56219
Capgo before 12.128.2 contains a NULL-auth bypass in public.get_org_user_access_rbac that allows unauthenticated attackers to disclose RBAC role bindings and member email addresses. The issue arises from improper NULL comparison in the authorization gate, enabling disclosure of organization membe...
CVE-2026-56219 Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass
Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...
CVE-2026-44949
Summary: CVE-2026-44949 pertains to a vulnerability in the Rancher FleetWorkspace mutating webhook handled by the in-cluster rancher-webhook service. Affected versions: 0.7.0–0.7.10, 0.8.0–0.8.7, 0.9.0–0.9.6, and 0.10.0–0.10.7. Impact: An unauthenticated attacker with network access to the webhoo...
PT-2026-54021
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication bypass exists due to an improper NULL comparison in the authorization gate. Unauthenticated attackers can exploit this by using a public API key to access the PostgREST RPC endpoin...
GO-2026-5337 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) in github.com/kyverno/kyverno
Kyverno: Cross-Namespace Read Bypasses RBAC Isolation CVE-2026-22039 Incomplete Fix in github.com/kyverno/kyverno...
CVE-2026-13201
A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...
CVE-2026-44046
Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...
EUVD-2026-38014
Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...
CVE-2026-44046
Apache APISIX is affected by CVE-2026-44046 due to a Less Trusted Source issue in the wolf-rbac plugin under default configuration. Affected versions: 1.2.0 through 3.16.0. Exploitation can allow spoofed identity information to be logged and potentially bypass or abuse IP-based access controls. T...
CVE-2026-55226
When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...
PT-2026-50883
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2.0 through 3.16.0 Description A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...
CVE-2026-55225
When the Strimzi cluster operator is deployed with watchAnyNamespace=true or a multi-namespace list, any namespace editor can set Kafka.spec.entityOperator.userOperator.watchedNamespace or topicOperator.watchedNamespace to an arbitrary namespace. The cluster operator then creates a Role granting...
PT-2026-50604
Name of the Vulnerable Software and Affected Versions Capsule version 0.13.2 Description A typo in the webhook rules of the software causes a failure in the defense mechanism for the namespaces/finalize subresource. The configuration uses the singular namespace/finalize instead of the plural...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenStack Keystone vulnerabilities (USN-8433-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8433-1 advisory. It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An...
USN-8433-1: OpenStack Keystone vulnerabilities
It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...
Malicious code in rbac-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 574eb872a7c1d07d6f1a1fc9aa6c1b217b861ad4bc85392ed0576ede596502c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2026-36287
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...
CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...