Multicluster engine for kubernetes

This hub aggregates every CVE we track for Multicluster engine for kubernetes, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Multicluster engine for kubernetes.

• CVE-2026-10805Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend6.7Jun 4, 2026
• CVE-2026-10101Assisted-service: assisted-service: infraenv status leaks referenced pull-secret contents to namespace view users6.3May 29, 2026
• CVE-2026-7163Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure6.1Apr 30, 2026
• CVE-2025-57851Mce: privilege escalation via excessive /etc/passwd permissions6.4Apr 8, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5Apr 8, 2026
• CVE-2026-33810Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x5098.2Apr 8, 2026
• CVE-2026-4740Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation8.2Apr 7, 2026
• CVE-2026-33997Moby: Off-by-one error in plugin privilege validation6.8Mar 31, 2026
• CVE-2026-33748BuildKit Git URL subdir component can cause access to restricted files7.5Mar 27, 2026
• CVE-2026-33747BuildKit vulnerable to malicious frontend causing file escape outside of storage root8.4Mar 27, 2026
• CVE-2026-32285Denial of service in github.com/buger/jsonparser7.5Mar 26, 2026
• CVE-2025-58190Infinite parsing loop in golang.org/x/net5.3Feb 5, 2026
• CVE-2025-66471urllib3 Streaming API improperly handles highly compressed data7.5Dec 5, 2025