https://kubernetes.io/docs/reference/issues-security/official-cve-feed/Auto-refreshing official CVE feed for Kubernetes repositoryHugo -- gohugo.ioen-USThe Kubernetes AuthorsThu, 11 Sep 2025 13:45:56 +0000https://github.com/kubernetes/kubernetes/issues/133897Thu, 04 Sep 2025 21:40:42 +0000https://www.cve.org/cverecord?id=CVE-2025-7445secrets-store-sync-controller discloses service account tokens in logshttps://github.com/kubernetes/kubernetes/issues/133471Mon, 11 Aug 2025 16:29:36 +0000https://www.cve.org/cverecord?id=CVE-2025-5187Nodes can delete themselves by adding an OwnerReferencehttps://github.com/kubernetes/kubernetes/issues/133115Mon, 21 Jul 2025 23:22:19 +0000https://www.cve.org/cverecord?id=CVE-2025-7342VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not overridehttps://github.com/kubernetes/kubernetes/issues/132151Fri, 06 Jun 2025 15:48:26 +0000https://www.cve.org/cverecord?id=CVE-2025-4563Nodes can bypass dynamic resource allocation authorization checkshttps://github.com/kubernetes/kubernetes/issues/131009Sun, 23 Mar 2025 17:38:57 +0000https://www.cve.org/cverecord?id=CVE-2025-1974ingress-nginx admission controller RCE escalationhttps://github.com/kubernetes/kubernetes/issues/131008Sun, 23 Mar 2025 17:38:53 +0000https://www.cve.org/cverecord?id=CVE-2025-1098ingress-nginx controller configuration injection via unsanitized mirror annotationshttps://github.com/kubernetes/kubernetes/issues/131007Sun, 23 Mar 2025 17:38:49 +0000https://www.cve.org/cverecord?id=CVE-2025-1097ingress-nginx controller configuration injection via unsanitized auth-tls-match-cn annotationhttps://github.com/kubernetes/kubernetes/issues/131006Sun, 23 Mar 2025 17:38:44 +0000https://www.cve.org/cverecord?id=CVE-2025-24514ingress-nginx controller configuration injection via unsanitized auth-url annotationhttps://github.com/kubernetes/kubernetes/issues/131005Sun, 23 Mar 2025 17:38:28 +0000https://www.cve.org/cverecord?id=CVE-2025-24513ingress-nginx controller auth secret file path traversal vulnerabilityhttps://github.com/kubernetes/kubernetes/issues/130786Thu, 13 Mar 2025 16:08:20 +0000https://www.cve.org/cverecord?id=CVE-2025-1767GitRepo Volume Inadvertent Local Repository Accesshttps://github.com/kubernetes/kubernetes/issues/130016Thu, 06 Feb 2025 20:03:44 +0000https://www.cve.org/cverecord?id=CVE-2025-0426Node Denial of Service via kubelet Checkpoint APIhttps://github.com/kubernetes/kubernetes/issues/129654Wed, 15 Jan 2025 22:28:29 +0000https://www.cve.org/cverecord?id=CVE-2024-9042Command Injection affecting Windows nodes via nodes/*/logs/query APIhttps://github.com/kubernetes/kubernetes/issues/128885Wed, 20 Nov 2024 15:30:44 +0000https://www.cve.org/cverecord?id=CVE-2024-10220Arbitrary command execution through gitRepo volumehttps://github.com/kubernetes/kubernetes/issues/128007Fri, 11 Oct 2024 18:04:50 +0000https://www.cve.org/cverecord?id=CVE-2024-9594VM images built with Image Builder with some providers use default credentials during buildshttps://github.com/kubernetes/kubernetes/issues/128006Fri, 11 Oct 2024 18:04:31 +0000https://www.cve.org/cverecord?id=CVE-2024-9486VM images built with Image Builder and Proxmox provider use default credentialshttps://github.com/kubernetes/kubernetes/issues/126744Fri, 16 Aug 2024 16:10:31 +0000https://www.cve.org/cverecord?id=CVE-2024-7646Ingress-nginx Annotation Validation Bypasshttps://github.com/kubernetes/kubernetes/issues/126587Wed, 07 Aug 2024 21:30:11 +0000https://www.cve.org/cverecord?id=CVE-2024-7598Network restriction bypass via race condition during namespace terminationhttps://github.com/kubernetes/kubernetes/issues/126161Wed, 17 Jul 2024 13:06:48 +0000https://www.cve.org/cverecord?id=CVE-2024-5321Incorrect permissions on Windows containers logshttps://github.com/kubernetes/kubernetes/issues/124759Wed, 08 May 2024 16:02:57 +0000https://www.cve.org/cverecord?id=CVE-2024-3744azure-file-csi-driver discloses service account tokens in logshttps://github.com/kubernetes/kubernetes/issues/124336Tue, 16 Apr 2024 14:04:09 +0000https://www.cve.org/cverecord?id=CVE-2024-3177Bypassing mountable secrets policy imposed by the ServiceAccount admission pluginhttps://github.com/kubernetes/kubernetes/issues/121879Tue, 14 Nov 2023 15:54:16 +0000https://www.cve.org/cverecord?id=CVE-2023-5528Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodeshttps://github.com/kubernetes/kubernetes/issues/126817Wed, 25 Oct 2023 15:48:28 +0000https://www.cve.org/cverecord?id=CVE-2023-5044Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotationhttps://github.com/kubernetes/kubernetes/issues/126816Wed, 25 Oct 2023 15:48:20 +0000https://www.cve.org/cverecord?id=CVE-2023-5043Ingress nginx annotation injection causes arbitrary command executionhttps://github.com/kubernetes/kubernetes/issues/126815Wed, 25 Oct 2023 15:48:08 +0000https://www.cve.org/cverecord?id=CVE-2022-4886ingress-nginx path sanitization can be bypassedhttps://github.com/kubernetes/kubernetes/issues/119595Wed, 26 Jul 2023 15:30:50 +0000https://www.cve.org/cverecord?id=CVE-2023-3955Insufficient input sanitization on Windows nodes leads to privilege escalationhttps://github.com/kubernetes/kubernetes/issues/119594Wed, 26 Jul 2023 15:30:26 +0000https://www.cve.org/cverecord?id=CVE-2023-3893Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalationhttps://github.com/kubernetes/kubernetes/issues/119339Fri, 14 Jul 2023 18:27:48 +0000https://www.cve.org/cverecord?id=CVE-2023-3676Insufficient input sanitization on Windows nodes leads to privilege escalationhttps://github.com/kubernetes/kubernetes/issues/118690Thu, 15 Jun 2023 14:42:32 +0000https://www.cve.org/cverecord?id=CVE-2023-2431Bypass of seccomp profile enforcementhttps://github.com/kubernetes/kubernetes/issues/118640Tue, 13 Jun 2023 14:42:06 +0000https://www.cve.org/cverecord?id=CVE-2023-2728Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission pluginhttps://github.com/kubernetes/kubernetes/issues/118640Tue, 13 Jun 2023 14:42:06 +0000https://www.cve.org/cverecord?id=CVE-2023-2727Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission pluginhttps://github.com/kubernetes/kubernetes/issues/118419Fri, 02 Jun 2023 19:03:54 +0000https://www.cve.org/cverecord?id=CVE-2023-2878secrets-store-csi-driver discloses service account tokens in logshttps://github.com/kubernetes/kubernetes/issues/113757Tue, 08 Nov 2022 21:33:26 +0000https://www.cve.org/cverecord?id=CVE-2022-3294Node address isn't always verified when proxyinghttps://github.com/kubernetes/kubernetes/issues/113756Tue, 08 Nov 2022 21:33:07 +0000https://www.cve.org/cverecord?id=CVE-2022-3162Unauthorized read of Custom Resourceshttps://github.com/kubernetes/kubernetes/issues/112513Fri, 16 Sep 2022 13:14:50 +0000https://www.cve.org/cverecord?id=CVE-2022-3172Aggregated API server can cause clients to be redirected (SSRF)https://github.com/kubernetes/kubernetes/issues/112192Thu, 01 Sep 2022 21:02:01 +0000https://www.cve.org/cverecord?id=CVE-2021-25749`runAsNonRoot` logic bypass for Windows containershttps://github.com/kubernetes/kubernetes/issues/126814Fri, 10 Jun 2022 16:01:41 +0000https://www.cve.org/cverecord?id=CVE-2021-25748Ingress-nginx `path` sanitization can be bypassed with newline characterhttps://github.com/kubernetes/kubernetes/issues/126813Fri, 22 Apr 2022 16:18:27 +0000https://www.cve.org/cverecord?id=CVE-2021-25746Ingress-nginx directive injection via annotationshttps://github.com/kubernetes/kubernetes/issues/126812Fri, 22 Apr 2022 16:18:21 +0000https://www.cve.org/cverecord?id=CVE-2021-25745Ingress-nginx `path` can be pointed to service account token filehttps://github.com/kubernetes/kubernetes/issues/126811Thu, 21 Oct 2021 16:08:21 +0000https://www.cve.org/cverecord?id=CVE-2021-25742Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaceshttps://github.com/kubernetes/kubernetes/issues/104980Mon, 13 Sep 2021 20:58:56 +0000https://www.cve.org/cverecord?id=CVE-2021-25741Symlink Exchange Can Allow Host Filesystem Accesshttps://github.com/kubernetes/kubernetes/issues/102106Tue, 18 May 2021 19:14:27 +0000https://www.cve.org/cverecord?id=CVE-2021-25737Holes in EndpointSlice Validation Enable Host Network Hijackhttps://github.com/kubernetes/kubernetes/issues/101435Fri, 23 Apr 2021 18:07:32 +0000https://www.cve.org/cverecord?id=CVE-2021-3121Processes may panic upon receipt of malicious protobuf messageshttps://github.com/kubernetes/kubernetes/issues/100096Wed, 10 Mar 2021 18:18:01 +0000https://www.cve.org/cverecord?id=CVE-2021-25735Validating Admission Webhook does not observe some previous fieldshttps://github.com/kubernetes/kubernetes/issues/97076Fri, 04 Dec 2020 20:02:15 +0000https://www.cve.org/cverecord?id=CVE-2020-8554Man in the middle using LoadBalancer or ExternalIPshttps://github.com/kubernetes/kubernetes/issues/95624Thu, 15 Oct 2020 22:07:53 +0000https://www.cve.org/cverecord?id=CVE-2020-8566Ceph RBD adminSecrets exposed in logs when loglevel >= 4https://github.com/kubernetes/kubernetes/issues/95623Thu, 15 Oct 2020 22:05:32 +0000https://www.cve.org/cverecord?id=CVE-2020-8565Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9https://github.com/kubernetes/kubernetes/issues/95622Thu, 15 Oct 2020 22:03:19 +0000https://www.cve.org/cverecord?id=CVE-2020-8564Docker config secrets leaked when file is malformed and log level >= 4https://github.com/kubernetes/kubernetes/issues/95621Thu, 15 Oct 2020 22:00:44 +0000https://www.cve.org/cverecord?id=CVE-2020-8563Secret leaks in kube-controller-manager when using vSphere providerhttps://github.com/kubernetes/kubernetes/issues/93032Mon, 13 Jul 2020 18:39:08 +0000https://www.cve.org/cverecord?id=CVE-2020-8557Node disk DOS by writing to container /etc/hostshttps://github.com/kubernetes/kubernetes/issues/92914Wed, 08 Jul 2020 17:03:16 +0000https://www.cve.org/cverecord?id=CVE-2020-8559Privilege escalation from compromised node to clusterhttps://github.com/kubernetes/kubernetes/issues/92315Fri, 19 Jun 2020 18:38:58 +0000https://www.cve.org/cverecord?id=CVE-2020-8558Node setting allows for neighboring hosts to bypass localhost boundaryhttps://github.com/kubernetes/kubernetes/issues/91542Thu, 28 May 2020 16:13:34 +0000https://www.cve.org/cverecord?id=CVE-2020-8555Half-Blind SSRF in kube-controller-managerhttps://github.com/kubernetes/kubernetes/issues/91507Wed, 27 May 2020 19:32:29 +0000https://www.cve.org/cverecord?id=CVE-2020-10749IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisementshttps://github.com/kubernetes/kubernetes/issues/89535Thu, 26 Mar 2020 18:55:26 +0000https://www.cve.org/cverecord?id=CVE-2019-11254kube-apiserver Denial of Service vulnerability from malicious YAML payloadshttps://github.com/kubernetes/kubernetes/issues/89378Mon, 23 Mar 2020 18:35:34 +0000https://www.cve.org/cverecord?id=CVE-2020-8552apiserver DoS (oom)https://github.com/kubernetes/kubernetes/issues/89377Mon, 23 Mar 2020 18:34:40 +0000https://www.cve.org/cverecord?id=CVE-2020-8551Kubelet DoS via APIhttps://github.com/kubernetes/kubernetes/issues/126818Wed, 19 Feb 2020 19:00:32 +0000https://www.cve.org/cverecord?id=CVE-2020-8553ingress-nginx auth-type basic annotation vulnerabilityhttps://github.com/kubernetes/kubernetes/issues/87773Mon, 03 Feb 2020 15:12:22 +0000https://www.cve.org/cverecord?id=CVE-2019-11251kubectl cp symlink vulnerabilityhttps://github.com/kubernetes/kubernetes/issues/85867Tue, 03 Dec 2019 22:58:37 +0000https://www.cve.org/cverecord?id=CVE-2018-1002102Unvalidated redirecthttps://github.com/kubernetes/kubernetes/issues/85233Wed, 13 Nov 2019 20:57:31 +0000https://www.cve.org/cverecord?id=CVE-2019-11255CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutationhttps://github.com/kubernetes/kubernetes/issues/83253Fri, 27 Sep 2019 16:53:31 +0000https://www.cve.org/cverecord?id=CVE-2019-11253Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attackhttps://github.com/kubernetes/kubernetes/issues/81114Thu, 08 Aug 2019 02:03:04 +0000https://www.cve.org/cverecord?id=CVE-2019-11250Bearer tokens are revealed in logs (audit finding TOB-K8S-001)https://github.com/kubernetes/kubernetes/issues/81023Tue, 06 Aug 2019 14:34:33 +0000https://www.cve.org/cverecord?id=CVE-2019-11248/debug/pprof exposed on kubelet's healthz porthttps://github.com/kubernetes/kubernetes/issues/80984Mon, 05 Aug 2019 12:44:23 +0000https://www.cve.org/cverecord?id=CVE-2019-11249Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversalhttps://github.com/kubernetes/kubernetes/issues/80983Mon, 05 Aug 2019 12:44:08 +0000https://www.cve.org/cverecord?id=CVE-2019-11247API server allows access to custom resources via wrong scopehttps://github.com/kubernetes/kubernetes/issues/78308Fri, 24 May 2019 16:14:49 +0000https://www.cve.org/cverecord?id=CVE-2019-11245container uid changes to root after first restart or if image is already pulled to the nodehttps://github.com/kubernetes/kubernetes/issues/76797Thu, 18 Apr 2019 21:31:53 +0000https://www.cve.org/cverecord?id=CVE-2019-11243rest.AnonymousClientConfig() does not remove the serviceaccount credentials from config created by rest.InClusterConfig()https://github.com/kubernetes/kubernetes/issues/76676Tue, 16 Apr 2019 20:14:25 +0000https://www.cve.org/cverecord?id=CVE-2019-11244`kubectl --http-cache=<world-accessible dir>` creates world-writeable cached schema fileshttps://github.com/kubernetes/kubernetes/issues/74534Mon, 25 Feb 2019 19:39:09 +0000https://www.cve.org/cverecord?id=CVE-2019-1002100json-patch requests can exhaust apiserver resourceshttps://github.com/kubernetes/kubernetes/issues/71411Mon, 26 Nov 2018 11:07:36 +0000https://www.cve.org/cverecord?id=CVE-2018-1002105proxy request handling in kube-apiserver can leave vulnerable TCP connectionshttps://github.com/kubernetes/kubernetes/issues/65750Tue, 03 Jul 2018 08:06:15 +0000https://www.cve.org/cverecord?id=CVE-2018-1002101smb mount security issuehttps://github.com/kubernetes/kubernetes/issues/61297Fri, 16 Mar 2018 19:24:46 +0000https://www.cve.org/cverecord?id=CVE-2018-1002100Kubectl copy doesn't check for paths outside of it's destination directory.https://github.com/kubernetes/kubernetes/issues/60814Mon, 05 Mar 2018 20:55:20 +0000https://www.cve.org/cverecord?id=CVE-2017-1002102atomic writer volume handling allows arbitrary file deletion in host filesystemhttps://github.com/kubernetes/kubernetes/issues/60813Mon, 05 Mar 2018 20:53:58 +0000https://www.cve.org/cverecord?id=CVE-2017-1002101subpath volume mount handling allows arbitrary file access in host filesystemhttps://github.com/kubernetes/kubernetes/issues/47611Thu, 15 Jun 2017 18:59:13 +0000https://www.cve.org/cverecord?id=CVE-2017-1002100Azure PV should be Private scope not Container scopehttps://github.com/kubernetes/kubernetes/issues/43459Tue, 21 Mar 2017 15:22:29 +0000https://www.cve.org/cverecord?id=CVE-2017-1000056PodSecurityPolicy admission plugin authorizes incorrectly