{"api_version":"1","generated_at":"2026-07-11T03:50:43+00:00","cve":"CVE-2026-55175","urls":{"html":"https://cve.report/CVE-2026-55175","api":"https://cve.report/api/cve/CVE-2026-55175.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-55175","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-55175"},"summary":{"title":"Spinnaker: Improper yaml processing on kustomize bake operations","description":"Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-07-10 23:16:48","updated_at":"2026-07-10 23:16:48"},"problem_types":["CWE-502","CWE-502 CWE-502: Deserialization of Untrusted Data"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://github.com/spinnaker/spinnaker/commit/de5a7a05af35aee19eb71d289cd0b77f67509009","name":"https://github.com/spinnaker/spinnaker/commit/de5a7a05af35aee19eb71d289cd0b77f67509009","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/commit/df32d568e82519d9f3896fc9007baba0077c87fd","name":"https://github.com/spinnaker/spinnaker/commit/df32d568e82519d9f3896fc9007baba0077c87fd","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.1.1","name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.1.1","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-p68j-q7hf-3qcp","name":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-p68j-q7hf-3qcp","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.4.4","name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.4.4","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.3.4","name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.3.4","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/commit/2d75818b85cc4c35144d5e5ed45e7340fcab5dfe","name":"https://github.com/spinnaker/spinnaker/commit/2d75818b85cc4c35144d5e5ed45e7340fcab5dfe","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.0.3","name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.0.3","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/commit/bbc30c9b9034a056e95f012fa1b34e9fd703cae7","name":"https://github.com/spinnaker/spinnaker/commit/bbc30c9b9034a056e95f012fa1b34e9fd703cae7","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/commit/f5cec213f8cf207843ed5a6929395960a1ca094f","name":"https://github.com/spinnaker/spinnaker/commit/f5cec213f8cf207843ed5a6929395960a1ca094f","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.2.0","name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.2.0","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-55175","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-55175","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"spinnaker","product":"spinnaker","version":"affected >= 2026.1.0, < 2026.1.1","platforms":[]},{"source":"CNA","vendor":"spinnaker","product":"spinnaker","version":"affected >= 2026.0.0, < 2026.0.3","platforms":[]},{"source":"CNA","vendor":"spinnaker","product":"spinnaker","version":"affected >= 2025.4.0, < 2025.4.4","platforms":[]},{"source":"CNA","vendor":"spinnaker","product":"spinnaker","version":"affected < 2025.3.4","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"product":"spinnaker","vendor":"spinnaker","versions":[{"status":"affected","version":">= 2026.1.0, < 2026.1.1"},{"status":"affected","version":">= 2026.0.0, < 2026.0.3"},{"status":"affected","version":">= 2025.4.0, < 2025.4.4"},{"status":"affected","version":"< 2025.3.4"}]}],"descriptions":[{"lang":"en","value":"Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502: Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-10T21:52:08.166Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-p68j-q7hf-3qcp","tags":["x_refsource_CONFIRM"],"url":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-p68j-q7hf-3qcp"},{"name":"https://github.com/spinnaker/spinnaker/commit/2d75818b85cc4c35144d5e5ed45e7340fcab5dfe","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/commit/2d75818b85cc4c35144d5e5ed45e7340fcab5dfe"},{"name":"https://github.com/spinnaker/spinnaker/commit/bbc30c9b9034a056e95f012fa1b34e9fd703cae7","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/commit/bbc30c9b9034a056e95f012fa1b34e9fd703cae7"},{"name":"https://github.com/spinnaker/spinnaker/commit/de5a7a05af35aee19eb71d289cd0b77f67509009","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/commit/de5a7a05af35aee19eb71d289cd0b77f67509009"},{"name":"https://github.com/spinnaker/spinnaker/commit/df32d568e82519d9f3896fc9007baba0077c87fd","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/commit/df32d568e82519d9f3896fc9007baba0077c87fd"},{"name":"https://github.com/spinnaker/spinnaker/commit/f5cec213f8cf207843ed5a6929395960a1ca094f","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/commit/f5cec213f8cf207843ed5a6929395960a1ca094f"},{"name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.3.4","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.3.4"},{"name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.4.4","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2025.4.4"},{"name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.0.3","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.0.3"},{"name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.1.1","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.1.1"},{"name":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.2.0","tags":["x_refsource_MISC"],"url":"https://github.com/spinnaker/spinnaker/releases/tag/rosco-2026.2.0"}],"source":{"advisory":"GHSA-p68j-q7hf-3qcp","discovery":"UNKNOWN"},"title":"Spinnaker: Improper yaml processing on kustomize bake operations"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-55175","datePublished":"2026-07-10T21:52:08.166Z","dateReserved":"2026-06-16T15:20:43.085Z","dateUpdated":"2026-07-10T21:52:08.166Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-10 23:16:48","lastModifiedDate":"2026-07-10 23:16:48","problem_types":["CWE-502","CWE-502 CWE-502: Deserialization of Untrusted Data"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"55175","Ordinal":"1","Title":"Spinnaker: Improper yaml processing on kustomize bake operations","CVE":"CVE-2026-55175","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"55175","Ordinal":"1","NoteData":"Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4.","Type":"Description","Title":"Spinnaker: Improper yaml processing on kustomize bake operations"}]}}}