kubernetes

Top products

The 15 most recently published vulnerabilities affecting kubernetes.

• CVE-2026-3864CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server6.5Mar 20, 2026
• CVE-2026-4342ingress-nginx comment-based nginx configuration injection8.8Mar 19, 2026
• CVE-2026-3288ingress-nginx rewrite-target nginx configuration injection8.8Mar 9, 2026
• CVE-2025-15566ingress-nginx auth-proxy-set-headers nginx configuration injection8.8Feb 6, 2026
• CVE-2026-24514ingress-nginx Admission Controller denial of service6.5Feb 3, 2026
• CVE-2026-24513ingress-nginx auth-url protection bypass3.1Feb 3, 2026
• CVE-2026-24512ingress-nginx auth-method nginx configuration injection8.8Feb 3, 2026
• CVE-2026-1580ingress-nginx auth-method nginx configuration injection8.8Feb 3, 2026
• CVE-2025-13281Portworx Half-Blind SSRF in kube-controller-manager5.8Dec 14, 2025
• CVE-2025-9708Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks6.8Sep 16, 2025
• CVE-2025-7445Kubernetes secrets-store-sync-controller discloses service account tokens in logs6.5Sep 5, 2025
• CVE-2025-5187Nodes can delete themselves by adding an OwnerReference6.7Aug 27, 2025
• CVE-2025-7342VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override7.5Aug 17, 2025
• CVE-2025-4563Nodes can bypass dynamic resource allocation authorization checks2.7Jun 23, 2025
• CVE-2025-24514ingress-nginx controller - configuration injection via unsanitized auth-url annotation8.8Mar 24, 2025