
CVE-2026-41184: ServiceAccount token disclosure via install-cni container logs

AI-predicted score: 6.5 · Difficulty: Moderate · EPSS: 0.08% (P23)

Affected Version Matrix (2 entries)

Vendor | Product | Version Range | Status
Tigera | Calico  | 3.32.0        | unaffected
Tigera | Calico  | < 3.31.6      | affected

I. Basic Information for CVE-2026-41184

Vulnerability Information


Vulnerability Title
ServiceAccount token disclosure via install-cni container logs
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico deployments), the installer substitutes the live Kubernetes ServiceAccount bearer token before logging, so the token is exposed to any authenticated user who holds pods/log permission in the namespace where calico-node runs. The token carries patch privileges on pods/status, enabling annotation-based attacks against cluster workloads. The default kubeconfig-based authentication path is not affected. This is a direct regression of TTA-2018-001.
Source: NVD (National Vulnerability Database)
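A defender-side check for the exposure described above: scan captured install-cni container log lines for Kubernetes ServiceAccount JWTs, report only the namespace and ServiceAccount name taken from the token's sub claim, and return a redacted copy of the log. This is an added example, not Calico project code; the sample log line is constructed, and its JSON layout only illustrates a token being substituted into a rendered config, not the real Calico template.

```python
import base64
import json
import re

# A JWT is three base64url segments separated by dots; the JSON header
# always encodes to something starting with "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def _b64url_decode(segment):
    # Restore the padding that JWT encoding strips.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sa_identity(token):
    """Return (namespace, serviceaccount) when the JWT's sub claim names a
    Kubernetes ServiceAccount (system:serviceaccount:<ns>:<name>), else None."""
    try:
        payload = json.loads(_b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):
        return None
    sub = payload.get("sub", "") if isinstance(payload, dict) else ""
    parts = sub.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return parts[2], parts[3]
    return None


def scan_log(lines):
    """Find ServiceAccount tokens in log lines. Returns (findings, redacted_lines);
    findings never contain the token itself."""
    findings, redacted = [], []
    for lineno, line in enumerate(lines, 1):
        for match in JWT_RE.finditer(line):
            ident = sa_identity(match.group(0))
            if ident:
                findings.append({"line": lineno, "namespace": ident[0], "serviceaccount": ident[1]})
        redacted.append(JWT_RE.sub("<REDACTED-JWT>", line))
    return findings, redacted


def _fake_jwt(payload):
    # Constructed, unsigned token for the sample log only (signature is junk).
    enc = lambda b: base64.urlsafe_b64encode(b).decode().rstrip("=")
    return ".".join([enc(b'{"alg":"RS256","typ":"JWT"}'), enc(json.dumps(payload).encode()), enc(b"sig")])


SAMPLE_TOKEN = _fake_jwt({"iss": "kubernetes/serviceaccount",
                          "sub": "system:serviceaccount:kube-system:calico-node"})
# Constructed install-cni output: a status line, then a rendered config with the token substituted in.
SAMPLE_LOG = [
    "Installing any TLS assets...",
    '{"name": "k8s-pod-network", "plugins": [{"type": "calico", "kubernetes": {"token": "' + SAMPLE_TOKEN + '"}}]}',
]

if __name__ == "__main__":
    found, clean = scan_log(SAMPLE_LOG)
    print(found)          # [{'line': 2, 'namespace': 'kube-system', 'serviceaccount': 'calico-node'}]
    print("\n".join(clean))
```

Run it against `kubectl logs -c install-cni <calico-node-pod>` output to confirm whether an existing deployment has already written a token to its log history.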
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Exposure of Information Through Log Files
Source: NVD (National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Tigera | Calico  | 3.32.0            | -

II. Public POCs for CVE-2026-41184


No public POC found.


III. Intelligence Information for CVE-2026-41184


Patches & Fixes for CVE-2026-41184 (3)

Other References for CVE-2026-41184 (1)

Same Patch Batch · Tigera · 2026-05-28 · 3 CVEs total

CVE-2026-41185: ServiceAccount token disclosure via Azure IPAM CNI plugin logs
CVE-2026-6720: Calicoctl leaks cluster credentials to stderr when verbose logging is enabled

IV. Related Vulnerabilities

V. Comments for CVE-2026-41184

No comments yet
