Known Vulnerabilities for products from Kubernetes
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kubernetes".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40924 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-40324 json | Not Provided | 2026-04-18 | 2026-04-20 | |
| CVE-2026-40109 json | Not Provided | 2026-04-09 | 2026-04-14 | |
| CVE-2026-40090 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-39961 json | Not Provided | 2026-04-09 | 2026-04-10 | |
| CVE-2026-39884 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-39429 json | Not Provided | 2026-04-08 | 2026-04-10 | |
| CVE-2026-35206 json | Not Provided | 2026-04-09 | 2026-04-14 | |
| CVE-2026-35205 json | Not Provided | 2026-04-09 | 2026-04-09 | |
| CVE-2026-35204 json | Not Provided | 2026-04-09 | 2026-04-09 | |
| CVE-2023-5528 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-14 | 2023-11-30 |
| CVE-2023-5044 json | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-5043 json | Ingress nginx annotation injection causes arbitrary command execution. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-3955 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to ... | 8.8 - HIGH | 2023-10-31 | 2023-11-08 |
| CVE-2023-3893 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-prox... | 8.8 - HIGH | 2023-11-03 | 2023-11-14 |
| CVE-2023-3676 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to ... | 8.8 - HIGH | 2023-10-31 | 2023-11-30 |
| CVE-2023-2878 json | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 - MEDIUM | 2023-06-07 | 2023-10-02 |
| CVE-2023-2728 json | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plug... | 6.5 - MEDIUM | 2023-07-03 | 2023-08-03 |
| CVE-2023-2727 json | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers... | 6.5 - MEDIUM | 2023-07-03 | 2023-08-03 |
| CVE-2023-2431 json | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhos... | 5.5 - MEDIUM | 2023-06-16 | 2023-07-01 |
Known software with vulnerabilities from Kubernetes
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kubernetes | Container Storage Interface Snapshotter | 0.4.0 |
| Application | Kubernetes | Cri-o | 0.0.0 |
| Application | Kubernetes | External-provisioner | 0.2.0 |
| Application | Kubernetes | External-resizer | 0.1.0 |
| Application | Kubernetes | External-snapshotter | 0.4.0 |
| Application | Kubernetes | Ingress-nginx | - |
| Application | Kubernetes | Java | - |
| Application | Kubernetes | Kube-state-metrics | 0.1.0 |
| Application | Kubernetes | Kubernetes | 0.10.0 |
| Application | Kubernetes | Minikube | 0.1.0 |
| Application | Kubernetes | Nginx Ingress Controller | 0.10.0 |
| Application | Kubernetes | Secrets Store Csi Driver | 0.0.1 |