Kubernetes

2026-04-26
The Controller Token Leak Epidemic: Kubernetes Has a Confused-Deputy Problem
Six CVEs in three months, four against a single Kyverno feature, plus OpenShift AI and Argo CD: every modern Kubernetes platform is shipping helper code that hands its controller's bearer token to attacker-controlled URLs. The bug class isn't going to fix itself.
kubernetes kyverno openshift argocd confused-deputy serviceaccount token-leak ssrf rbac cloud-metadata opinion
vulnerabilities 2026-04-17
Kyverno apiCall Service Helper Leaks ServiceAccount Token to Attacker-Controlled Endpoints (CVE-2026-40868)
A high-severity flaw in Kyverno's apiCall servicecall helper implicitly attaches the controller's ServiceAccount bearer token to policy-controlled outbound URLs, letting any ClusterPolicy author exfiltrate the token and impersonate the Kyverno controller.
kubernetes kyverno policy-engine confused-deputy token-leak cve-2026-40868
Vulnerability 2026-04-14
CVE-2026-31414: Linux Kernel Netfilter Conntrack Flaw Enables Container Escape Privilege Escalation
A use-after-free in Linux kernel netfilter connection tracking allows local privilege escalation from container workloads — patch your nodes now.
linux-kernel netfilter privilege-escalation container-security kubernetes CVE-2026-31414 conntrack
vulnerabilities 2026-04-13
Red Hat OpenShift AI Dashboard Leaks Kubernetes Service Account Tokens (CVE-2026-5483)
A high-severity flaw in Red Hat OpenShift AI's odh-dashboard exposes Kubernetes Service Account tokens via a NodeJS endpoint, enabling unauthorized cluster access.
kubernetes openshift red-hat token-disclosure cve-2026-5483
Vulnerabilities 2026-04-03
CVE-2026-33186: gRPC-Go Auth Bypass Lets Attackers Skip Deny Rules With a Missing Slash
A critical CVSS 9.1 flaw in gRPC-Go lets unauthenticated attackers bypass path-based authorization by omitting the leading slash from HTTP/2 :path headers.
grpc golang kubernetes microservices traefik authorization CVE-2026-33186
vulnerabilities 2026-04-03
CVE-2026-33105: Azure Kubernetes Service RBAC Bypass Scores Perfect 10.0 CVSS
Critical AKS vulnerability allows privilege escalation to cluster admin via RBAC bypass. CVSS 10.0. Patch now.
kubernetes azure aks rbac privilege-escalation cve
supply-chain 2026-04-02
TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect
TeamPCP poisoned Trivy, KICS, LiteLLM, and Telnyx across GitHub Actions and PyPI in March 2026, harvested ~300 GB of CI/CD secrets, breached Cisco and AstraZeneca, and has now partnered with Vect RaaS to convert stolen credentials into ransomware deployments.
supply-chain trivy kics litellm github-actions pypi ransomware teamPCP ci-cd kubernetes
vulnerabilities 2026-03-29 High
CrackArmor: Nine AppArmor Flaws Enable Container Escape on Debian, Ubuntu, and SUSE
Every Kubernetes node running these distros is potentially exposed. Root escalation from within containers confirmed.
apparmor container kubernetes linux container-escape