Kubernetes — Vulnerabilities & Security Advisories 102

Browse all 102 CVE security advisories affecting Kubernetes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3864	CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server — CSI Driver for NFSCWE-22	6.5	Medium	2026-03-20
CVE-2026-4342	ingress-nginx comment-based nginx configuration injection — ingress-nginxCWE-20	8.8	High	2026-03-19
CVE-2026-3288	ingress-nginx rewrite-target nginx configuration injection — ingress-nginxCWE-20	8.8	High	2026-03-09
CVE-2025-15566	ingress-nginx auth-proxy-set-headers nginx configuration injection — ingress-nginxCWE-20	8.8	High	2026-02-06
CVE-2026-24514	ingress-nginx Admission Controller denial of service — ingress-nginxCWE-770	6.5	Medium	2026-02-03
CVE-2026-24513	ingress-nginx auth-url protection bypass — ingress-nginxCWE-754	3.1	Low	2026-02-03
CVE-2026-24512	ingress-nginx auth-method nginx configuration injection — ingress-nginxCWE-20	8.8	High	2026-02-03
CVE-2026-1580	ingress-nginx auth-method nginx configuration injection — ingress-nginxCWE-20	8.8	High	2026-02-03
CVE-2025-13281	Portworx Half-Blind SSRF in kube-controller-manager — KubernetesCWE-918	5.8	Medium	2025-12-14
CVE-2025-9708	Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks — Kubernetes CSharp ClientCWE-295	6.8	Medium	2025-09-16
CVE-2025-7445	Kubernetes secrets-store-sync-controller discloses service account tokens in logs — secrets-store-sync-controllerCWE-532	6.5	Medium	2025-09-05
CVE-2025-5187	Nodes can delete themselves by adding an OwnerReference — KubernetesCWE-863	6.7	Medium	2025-08-27
CVE-2025-7342	VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override — Image BuilderCWE-798	7.5	High	2025-08-17
CVE-2025-4563	Nodes can bypass dynamic resource allocation authorization checks — KubernetesCWE-20	2.7	Low	2025-06-23
CVE-2025-24514	ingress-nginx controller - configuration injection via unsanitized auth-url annotation — ingress-nginxCWE-20	8.8	High	2025-03-24
CVE-2025-24513	ingress-nginx controller - auth secret file path traversal vulnerability — ingress-nginxCWE-20	4.8	Medium	2025-03-24
CVE-2025-1098	ingress-nginx controller - configuration injection via unsanitized mirror annotations — ingress-nginxCWE-20	8.8	High	2025-03-24
CVE-2025-1097	ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation — ingress-nginxCWE-20	8.8	High	2025-03-24
CVE-2025-1974	ingress-nginx admission controller RCE escalation — ingress-nginxCWE-653	9.8	Critical	2025-03-24
CVE-2024-7598	Network restriction bypass via race condition during namespace termination — kube-apiserverCWE-362	3.1	Low	2025-03-20
CVE-2025-1767	Kubernetes 安全漏洞 — KubeletCWE-20	6.5	Medium	2025-03-13
CVE-2024-9042	Kubernetes 安全漏洞 — KubeletCWE-20	5.9	Medium	2025-03-13
CVE-2025-0426	Kubernetes 安全漏洞 — kubeletCWE-400	6.2	Medium	2025-02-13
CVE-2024-10220	Arbitrary command execution through gitRepo volume — kubeletCWE-22	8.1	High	2024-11-22
CVE-2024-9594	VM images built with Image Builder with some providers use default credentials during builds — Image BuilderCWE-798	6.3	Medium	2024-10-15
CVE-2024-9486	VM images built with Image Builder and Proxmox provider use default credentials — Image BuilderCWE-798	9.8	Critical	2024-10-15
CVE-2024-7646	Ingress NGINX Controller 安全漏洞 — ingress-nginxCWE-20	8.8	High	2024-08-16
CVE-2024-5321	Incorrect permissions on Windows containers logs — KubernetesCWE-276	6.1	Medium	2024-07-18
CVE-2024-3744	Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs — azure-file-csi-driverCWE-532	6.5	Medium	2024-05-15
CVE-2024-3177	Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin — KubernetesCWE-20	2.7	Low	2024-04-22

This page lists every published CVE security advisory associated with Kubernetes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Kubernetes — Vulnerabilities & Security Advisories 102