Browse all 7 CVE security advisories affecting spinnaker. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Spinnaker is an open-source continuous delivery platform for releasing software changes with high velocity and confidence. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The platform's complex architecture with multiple microservices has contributed to security challenges. While no major public security incidents have been widely reported, the presence of seven CVEs indicates ongoing security concerns that organizations should address through regular updates and hardening. Spinnaker's broad permissions model and integration with various cloud services require careful configuration to prevent unauthorized access and ensure secure deployment pipelines.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32613 | Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling | spinnaker | CWE-94 | 10.0 | Critical | 2026-04-20 |
| CVE-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths | spinnaker | CWE-20 | 10.0 | Critical | 2026-04-20 |
| CVE-2025-61916 | Spinnaker vulnerable to SSRF due to improper restrictions on http from user input | spinnaker | CWE-20 | 7.9 | High | 2026-01-05 |
| CVE-2023-39348 | Improper log output when using GitHub Status Notifications in spinnaker | spinnaker | CWE-532 | 4.0 | Medium | 2023-08-28 |
| CVE-2022-23506 | Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds | spinnaker | CWE-532 | 4.3 | Medium | 2023-01-03 |
| CVE-2021-43832 | Improper Access Control in spinnaker | spinnaker | CWE-306 | 10.0 | Critical | 2022-01-04 |
| CVE-2021-39143 | Path Traversal in spinnaker | spinnaker | CWE-22 | 6.6 | Medium | 2022-01-04 |

This page lists every published CVE security advisory associated with spinnaker. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.