Openshift

2026-04-26
The Controller Token Leak Epidemic: Kubernetes Has a Confused-Deputy Problem
Six CVEs in three months, four against a single Kyverno feature, plus OpenShift AI and Argo CD: every modern Kubernetes platform is shipping helper code that hands its controller's bearer token to attacker-controlled URLs. The bug class isn't going to fix itself.
kubernetes kyverno openshift argocd confused-deputy serviceaccount token-leak ssrf rbac cloud-metadata opinion
vulnerabilities 2026-04-13
Red Hat OpenShift AI Dashboard Leaks Kubernetes Service Account Tokens (CVE-2026-5483)
A high-severity flaw in Red Hat OpenShift AI's odh-dashboard exposes Kubernetes Service Account tokens via a NodeJS endpoint, enabling unauthorized cluster access.
kubernetes openshift red-hat token-disclosure cve-2026-5483

The Controller Token Leak Epidemic: Kubernetes Has a Confused-Deputy Problem