
kubernetes — Vulnerabilities & Security Advisories (102)

Browse all 102 CVE security advisories affecting kubernetes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kubernetes serves as an open-source container orchestration platform, automating the deployment, scaling, and management of containerized applications across distributed clusters. Its complex architecture, involving numerous interacting components like the API server and kubelet, historically exposes it to diverse vulnerability classes. Common issues include remote code execution (RCE) via unauthenticated API endpoints, privilege escalation through misconfigured role-based access controls, and cross-site scripting (XSS) in the web dashboard. With over 100 recorded CVEs, the platform has faced significant security challenges, including incidents where attackers exploited weak authentication mechanisms to gain cluster-wide control. These vulnerabilities often stem from default configurations or delayed patching of underlying dependencies. Consequently, securing Kubernetes requires rigorous network segmentation, strict identity management, and continuous monitoring to mitigate risks associated with its intricate service mesh and dynamic workload scheduling capabilities.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3864 | CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server | CSI Driver for NFS | CWE-22 | 6.5 | Medium | 2026-03-20 |
| CVE-2026-4342 | ingress-nginx comment-based nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-03-19 |
| CVE-2026-3288 | ingress-nginx rewrite-target nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-03-09 |
| CVE-2025-15566 | ingress-nginx auth-proxy-set-headers nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-02-06 |
| CVE-2026-24514 | ingress-nginx Admission Controller denial of service | ingress-nginx | CWE-770 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24513 | ingress-nginx auth-url protection bypass | ingress-nginx | CWE-754 | 3.1 | Low | 2026-02-03 |
| CVE-2026-24512 | ingress-nginx auth-method nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-02-03 |
| CVE-2026-1580 | ingress-nginx auth-method nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-02-03 |
| CVE-2025-13281 | Portworx Half-Blind SSRF in kube-controller-manager | Kubernetes | CWE-918 | 5.8 | Medium | 2025-12-14 |
| CVE-2025-9708 | Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks | Kubernetes CSharp Client | CWE-295 | 6.8 | Medium | 2025-09-16 |
| CVE-2025-7445 | Kubernetes secrets-store-sync-controller discloses service account tokens in logs | secrets-store-sync-controller | CWE-532 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-5187 | Nodes can delete themselves by adding an OwnerReference | Kubernetes | CWE-863 | 6.7 | Medium | 2025-08-27 |
| CVE-2025-7342 | VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override | Image Builder | CWE-798 | 7.5 | High | 2025-08-17 |
| CVE-2025-4563 | Nodes can bypass dynamic resource allocation authorization checks | Kubernetes | CWE-20 | 2.7 | Low | 2025-06-23 |
| CVE-2025-24514 | ingress-nginx controller - configuration injection via unsanitized auth-url annotation | ingress-nginx | CWE-20 | 8.8 | High | 2025-03-24 |
| CVE-2025-24513 | ingress-nginx controller - auth secret file path traversal vulnerability | ingress-nginx | CWE-20 | 4.8 | Medium | 2025-03-24 |
| CVE-2025-1098 | ingress-nginx controller - configuration injection via unsanitized mirror annotations | ingress-nginx | CWE-20 | 8.8 | High | 2025-03-24 |
| CVE-2025-1097 | ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation | ingress-nginx | CWE-20 | 8.8 | High | 2025-03-24 |
| CVE-2025-1974 | ingress-nginx admission controller RCE escalation | ingress-nginx | CWE-653 | 9.8 | Critical | 2025-03-24 |
| CVE-2024-7598 | Network restriction bypass via race condition during namespace termination | kube-apiserver | CWE-362 | 3.1 | Low | 2025-03-20 |
| CVE-2025-1767 | Kubernetes security vulnerability | Kubelet | CWE-20 | 6.5 | Medium | 2025-03-13 |
| CVE-2024-9042 | Kubernetes security vulnerability | Kubelet | CWE-20 | 5.9 | Medium | 2025-03-13 |
| CVE-2025-0426 | Kubernetes security vulnerability | kubelet | CWE-400 | 6.2 | Medium | 2025-02-13 |
| CVE-2024-10220 | Arbitrary command execution through gitRepo volume | kubelet | CWE-22 | 8.1 | High | 2024-11-22 |
| CVE-2024-9594 | VM images built with Image Builder with some providers use default credentials during builds | Image Builder | CWE-798 | 6.3 | Medium | 2024-10-15 |
| CVE-2024-9486 | VM images built with Image Builder and Proxmox provider use default credentials | Image Builder | CWE-798 | 9.8 | Critical | 2024-10-15 |
| CVE-2024-7646 | Ingress NGINX Controller security vulnerability | ingress-nginx | CWE-20 | 8.8 | High | 2024-08-16 |
| CVE-2024-5321 | Incorrect permissions on Windows containers logs | Kubernetes | CWE-276 | 6.1 | Medium | 2024-07-18 |
| CVE-2024-3744 | Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs | azure-file-csi-driver | CWE-532 | 6.5 | Medium | 2024-05-15 |
| CVE-2024-3177 | Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin | Kubernetes | CWE-20 | 2.7 | Low | 2024-04-22 |

This page lists every published CVE security advisory associated with kubernetes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.