kubernetes-security-discuss
Public discussion forum for the Kubernetes Release Process.
Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.
Abhishek Raj
2
Mar 23
PSIRTSUPT-6598 [Security Advisory] CVE-2026-3864: CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server
Michal Findra commented: Hello, Thank you for the report. The CVE is
Abhishek Raj
2
Mar 23
PSIRTSUPT-6491 [Security Advisory] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection
Michal Findra commented: Hello, the CVE is already processed in our
ji...@redhat.atlassian.net
Mar 22
PSIRTSUPT-6638 [Security Advisory] CVE-2026-4342: ingress-nginx comment-based nginx configuration injection
tabitha...@gmail.com commented: We would like to apologize for
Tabitha Sable
Mar 19
[Security Advisory] CVE-2026-4342: ingress-nginx comment-based nginx configuration injection
Hello Kubernetes Community, A security issue was discovered in ingress-nginx where a combination of
Rita Zhang, AWS Security
2
Mar 17
[Security Advisory] CVE-2026-3864: CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server
Hello, Thank you for bringing this security concern to our attention. We're currently
Tabitha Sable
Mar 9
[Security Advisory] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection
Hello Kubernetes Community, A security issue was discovered in ingress-nginx where the nginx.ingress.
Darsh Naik
Feb 8
Kubernetes vulnerability conceptual
Hi Kubernetes Security Team, Thanks again for your response. I attempted to submit this report via
Tabitha Sable
Feb 2
[Security Advisory] Multiple issues in ingress-nginx
Hello Kubernetes Community, Multiple issues are disclosed today in ingress-nginx, and assigned the
Craig Ingram
12/17/25
[Security Advisory] CVE-2025-14269: Credential caching in Headlamp with Helm enabled
Hello Kubernetes Community, A security issue was discovered in the in-cluster version of Headlamp
Nathan Herz
12/1/25
[Security Advisory] CVE-2025-13281: Portworx Half-Blind SSRF in kube-controller-manager
Hello Kubernetes Community, A half-blind Server Side Request Forgery (SSRF) vulnerability exists in
Rita Zhang
9/16/25
[Security Advisory] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks
Hello Kubernetes Community, A vulnerability exists in the Kubernetes C# client where the certificate
Monis Khan
9/4/25
[Security Advisory] CVE-2025-7445: secrets-store-sync-controller discloses service account tokens in logs
Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an
Nathan Herz
8/13/25
[Security Advisory] CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference
Hello Kubernetes Community, A vulnerability exists in the NodeRestriction admission controller where
Md Niaz Morshed
8/11/25
Request to participate and Share the Survey with your Software Developers and Code Reviewers
Dear Sir, I hope this message finds you well. My name is Md Niaz Morshed, and I am leading a team
Rita Zhang
7/21/25
[Security Advisory] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user
Workifi
6/28/25
Responsible Disclosure
Dear Kubernetes Security Team, I hope this message finds you well. During a routine security review
Rita Zhang, Red Hat Product Security
5
6/20/25
[Security Advisory] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks
Hello! INC3695208 ([Security Advisory] CVE-2025-4563: Nodes can bypass dynamic resource allocation
Red Hat Request Management
6/20/25
INC3693719 is Resolved: [Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Hello! [Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Craig Ingram
6/17/25
[Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Hello Kubernetes Community, The Go team has released a fix in Go versions 1.21.11 and 1.22.4
Tabitha Sable
3/24/25
[Security Advisory] Multiple vulnerabilities in ingress-nginx
Hello Kubernetes Community, Multiple issues have been discovered in ingress-nginx that can result in
Craig Ingram
3/20/25
[Security Advisory] CVE-2024-7598: Network restriction bypass via race condition during namespace termination
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a malicious or
Vellore Rajakumar, Sri Saran Balaji; Red Hat Product Security
2
3/17/25
CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access
Hello! INC3559449 (CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access) has been
Yogesh Mittal
3/5/25
Invitation to join OSS CNA Working group [Kubernetes]
## This email is intended for individuals who are points of contact for CNA coordination for your OSS
Craig Ingram
2/13/25
[Security Advisory] CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a large number of
Vellore Rajakumar, Sri Saran Balaji; Red Hat Product Security
2
1/16/25
[Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API
Hello! INC3346000 ([Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via
Craig Ingram, Red Hat Product Security
2
11/21/24
[Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo volume
Hello! INC3249969 ([Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo
Joel Smith
10/14/24
[Security Advisory] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user
Craig Ingram, Red Hat Product Security
2
8/19/24
[Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass
Hello! INC3040138 ([Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation
Craig Ingram
7/17/24
[Security Advisory] CVE-2024-5321: Incorrect permissions on Windows containers logs
Hello Kubernetes Community, A security issue was discovered in Kubernetes clusters with Windows nodes
Rita Zhang, Yuan Yan
3
5/14/24
[Security Advisory] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs
See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/124759 On Wed,