Known Vulnerabilities for products from Kubernetes
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kubernetes".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44245 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-43824 json | Not Provided | 2026-05-02 | 2026-05-04 | |
| CVE-2026-42880 json | Not Provided | 2026-05-07 | 2026-05-08 | |
| CVE-2026-42876 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-42875 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-42541 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-42297 json | Not Provided | 2026-05-09 | 2026-05-12 | |
| CVE-2026-42296 json | Not Provided | 2026-05-09 | 2026-05-12 | |
| CVE-2026-42295 json | Not Provided | 2026-05-09 | 2026-05-11 | |
| CVE-2026-42294 json | Not Provided | 2026-05-09 | 2026-05-11 | |
| CVE-2026-4342 json | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configurati... | Not Provided | 2026-03-19 | 2026-04-28 |
| CVE-2026-3288 json | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation ca... | Not Provided | 2026-03-09 | 2026-05-06 |
| CVE-2023-5528 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-14 | 2023-11-30 |
| CVE-2023-5044 json | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-5043 json | Ingress nginx annotation injection causes arbitrary command execution. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-3955 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to ... | 8.8 - HIGH | 2023-10-31 | 2023-11-08 |
| CVE-2023-3893 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-prox... | 8.8 - HIGH | 2023-11-03 | 2023-11-14 |
| CVE-2023-3676 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to ... | 8.8 - HIGH | 2023-10-31 | 2023-11-30 |
| CVE-2023-2878 json | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 - MEDIUM | 2023-06-07 | 2023-10-02 |
| CVE-2023-2728 json | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plug... | 6.5 - MEDIUM | 2023-07-03 | 2023-08-03 |
Known software with vulnerabilities from Kubernetes
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kubernetes | Container Storage Interface Snapshotter | 0.4.0 |
| Application | Kubernetes | Cri-o | 0.0.0 |
| Application | Kubernetes | External-provisioner | 0.2.0 |
| Application | Kubernetes | External-resizer | 0.1.0 |
| Application | Kubernetes | External-snapshotter | 0.4.0 |
| Application | Kubernetes | Ingress-nginx | - |
| Application | Kubernetes | Java | - |
| Application | Kubernetes | Kube-state-metrics | 0.1.0 |
| Application | Kubernetes | Kubernetes | 0.10.0 |
| Application | Kubernetes | Minikube | 0.1.0 |
| Application | Kubernetes | Nginx Ingress Controller | 0.10.0 |
| Application | Kubernetes | Secrets Store Csi Driver | 0.0.1 |