Known Vulnerabilities for products from Kubernetes
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kubernetes".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-61459 json | Not Provided | 2026-07-10 | 2026-07-13 | |
| CVE-2026-59269 json | Not Provided | 2026-07-09 | 2026-07-09 | |
| CVE-2026-55884 json | Not Provided | 2026-07-10 | 2026-07-13 | |
| CVE-2026-55883 json | Not Provided | 2026-07-10 | 2026-07-10 | |
| CVE-2026-55882 json | Not Provided | 2026-07-10 | 2026-07-13 | |
| CVE-2026-55761 json | Not Provided | 2026-07-08 | 2026-07-08 | |
| CVE-2026-55069 json | Not Provided | 2026-06-26 | 2026-06-29 | |
| CVE-2026-54765 json | Not Provided | 2026-07-06 | 2026-07-07 | |
| CVE-2026-54762 json | Not Provided | 2026-06-23 | 2026-06-24 | |
| CVE-2026-54761 json | Not Provided | 2026-06-23 | 2026-06-25 | |
| CVE-2026-33519 json | An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernete... | Not Provided | 2026-04-21 | 2026-05-18 |
| CVE-2026-13020 json | A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windo... | Not Provided | 2026-07-07 | 2026-07-09 |
| CVE-2026-13019 json | Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical ... | Not Provided | 2026-07-07 | 2026-07-09 |
| CVE-2026-4342 json | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configurati... | Not Provided | 2026-03-19 | 2026-05-19 |
| CVE-2026-3288 json | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation ca... | Not Provided | 2026-03-09 | 2026-05-06 |
| CVE-2023-5528 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-14 | 2023-11-30 |
| CVE-2023-5044 json | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-5043 json | Ingress nginx annotation injection causes arbitrary command execution. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-3955 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to ... | 8.8 - HIGH | 2023-10-31 | 2023-11-08 |
| CVE-2023-3893 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-prox... | 8.8 - HIGH | 2023-11-03 | 2023-11-14 |
Known software with vulnerabilities from Kubernetes
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kubernetes | Container Storage Interface Snapshotter | 0.4.0 |
| Application | Kubernetes | Cri-o | 0.0.0 |
| Application | Kubernetes | External-provisioner | 0.2.0 |
| Application | Kubernetes | External-resizer | 0.1.0 |
| Application | Kubernetes | External-snapshotter | 0.4.0 |
| Application | Kubernetes | Ingress-nginx | - |
| Application | Kubernetes | Java | - |
| Application | Kubernetes | Kube-state-metrics | 0.1.0 |
| Application | Kubernetes | Kubernetes | 0.10.0 |
| Application | Kubernetes | Minikube | 0.1.0 |
| Application | Kubernetes | Nginx Ingress Controller | 0.10.0 |
| Application | Kubernetes | Secrets Store Csi Driver | 0.0.1 |