Kubernetes
This hub aggregates every CVE we track for Kubernetes, a product in the cloud SaaS space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 70
- Critical: 4
- High: 18
- In CISA KEV: 0
Severity distribution
- Medium: 39
- High: 18
- Low: 9
- Critical: 4
Monthly trend
Monthly values, 2024-07 to 2026-06: 1, 0, 0, 0, 1, 0, 0, 1, 2, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Kubernetes.
- CVE-2025-13281: Portworx Half-Blind SSRF in kube-controller-manager (score: 5.8)
- CVE-2025-57870: BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services. (score: 10.0)
- CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks (score: 6.8)
- CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference (score: 6.7)
- CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks (score: 2.7)
- CVE-2025-1767: This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been d... (score: 6.5)
- CVE-2024-9042: This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. (score: 5.9)
- CVE-2025-0426: A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by... (score: 6.2)
- CVE-2024-10220: Arbitrary command execution through gitRepo volume (score: 8.1)
- CVE-2024-5321: Incorrect permissions on Windows containers logs (score: 6.1)
- CVE-2024-5037: Openshift/telemeter: iss check during jwt authentication can be bypassed (score: 7.5)
- CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin (score: 2.7)
- CVE-2023-5528: Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation (score: 7.2)
- CVE-2023-3955: Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation (score: 8.8)
- CVE-2023-3676: Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation (score: 8.8)
Product normalization is registry-driven with AI assist and human review.