Known Vulnerabilities for products from Kubernetes
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kubernetes".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49298 json | Not Provided | 2026-06-01 | 2026-06-02 | |
| CVE-2026-45760 json | Not Provided | 2026-05-21 | 2026-05-23 | |
| CVE-2026-45021 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-44885 json | Not Provided | 2026-05-28 | 2026-05-29 | |
| CVE-2026-44884 json | Not Provided | 2026-05-28 | 2026-05-29 | |
| CVE-2026-44883 json | Not Provided | 2026-05-28 | 2026-06-02 | |
| CVE-2026-44882 json | Not Provided | 2026-05-28 | 2026-05-30 | |
| CVE-2026-44881 json | Not Provided | 2026-05-28 | 2026-05-29 | |
| CVE-2026-44850 json | Not Provided | 2026-05-28 | 2026-05-29 | |
| CVE-2026-44849 json | Not Provided | 2026-05-28 | 2026-05-29 | |
| CVE-2026-33519 json | An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernete... | Not Provided | 2026-04-21 | 2026-05-18 |
| CVE-2026-4342 json | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configurati... | Not Provided | 2026-03-19 | 2026-05-19 |
| CVE-2026-3288 json | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation ca... | Not Provided | 2026-03-09 | 2026-05-06 |
| CVE-2023-5528 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-14 | 2023-11-30 |
| CVE-2023-5044 json | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-5043 json | Ingress nginx annotation injection causes arbitrary command execution. | 8.8 - HIGH | 2023-10-25 | 2023-11-02 |
| CVE-2023-3955 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to ... | 8.8 - HIGH | 2023-10-31 | 2023-11-08 |
| CVE-2023-3893 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-prox... | 8.8 - HIGH | 2023-11-03 | 2023-11-14 |
| CVE-2023-3676 json | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to ... | 8.8 - HIGH | 2023-10-31 | 2023-11-30 |
| CVE-2023-2878 json | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 - MEDIUM | 2023-06-07 | 2023-10-02 |
Known software with vulnerabilities from Kubernetes
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kubernetes | Container Storage Interface Snapshotter | 0.4.0 |
| Application | Kubernetes | Cri-o | 0.0.0 |
| Application | Kubernetes | External-provisioner | 0.2.0 |
| Application | Kubernetes | External-resizer | 0.1.0 |
| Application | Kubernetes | External-snapshotter | 0.4.0 |
| Application | Kubernetes | Ingress-nginx | - |
| Application | Kubernetes | Java | - |
| Application | Kubernetes | Kube-state-metrics | 0.1.0 |
| Application | Kubernetes | Kubernetes | 0.10.0 |
| Application | Kubernetes | Minikube | 0.1.0 |
| Application | Kubernetes | Nginx Ingress Controller | 0.10.0 |
| Application | Kubernetes | Secrets Store Csi Driver | 0.0.1 |