Vulnerabilities in Kubernetes

102 results
CVE-2025-1974 | CRITICAL | ingress-nginx admission controller RCE escalation | EPSS 99.3%
CVE-2018-1002105 | CRITICAL | In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the | EPSS 87.0%
CVE-2025-1098 | HIGH | ingress-nginx controller - configuration injection via unsanitized mirror annotations | EPSS 84.3%
CVE-2019-11248 | MEDIUM | Kubernetes kubelet exposes /debug/pprof info on healthz port | EPSS 61.1%
CVE-2023-5044 | HIGH | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation | EPSS 56.6%
CVE-2025-1097 | HIGH | ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation | EPSS 34.3%
CVE-2025-24514 | HIGH | ingress-nginx controller - configuration injection via unsanitized auth-url annotation | EPSS 31.4%
CVE-2024-7646 | HIGH | A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `ex | EPSS 26.0%
CVE-2019-11253 | HIGH | Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack | EPSS 25.9%
CVE-2019-1002101 | MEDIUM | kubectl cp path traversal | EPSS 13.2%
CVE-2023-3676 | HIGH | Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation | EPSS 11.7%
CVE-2017-1002101 | HIGH | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with | EPSS 11.6%
CVE-2019-1002100 | MEDIUM | In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Se | EPSS 10.5%
CVE-2020-8554 | MEDIUM | Kubernetes man in the middle using LoadBalancer or ExternalIPs | EPSS 9.3%
CVE-2026-3288 | HIGH | ingress-nginx rewrite-target nginx configuration injection | EPSS 6.7%
CVE-2021-25741 | HIGH | Symlink Exchange Can Allow Host Filesystem Access | EPSS 6.5%
CVE-2020-8559 | MEDIUM | Privilege escalation from compromised node to cluster | EPSS 6.1%
CVE-2021-25735 | MEDIUM | Validating Admission Webhook does not observe some previous fields | EPSS 5.2%
CVE-2018-1002101 | MEDIUM | In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Wi | EPSS 4.1%
CVE-2019-11249 | MEDIUM | kubectl cp allows symlink directory traversal | EPSS 3.7%