4 matches found
CVE-2026-39429
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to missing authentication and authorization checks in the cache server. An attacker can gain unauthorized read and write access by sending requests directly to the exposed service. Remediation: Upgrade...
CVE-2026-39429 kcp's cache server is accessible without authentication or authorization checks
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...
MAL-2025-192425 Malicious code in libxmlfinal2 (npm)
Source: amazon-inspector (cac89e3df77030c41a5f9d5ac7a10bf66dad824ef1d013c47d913be27080f190): The package libxmlfinal2 was found to contain malicious code. Source: ossf-package-analysis...