彙總 Kubernetes 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 輸入驗證問題與路徑處理缺陷 等問題,部分漏洞可能導致 檔案覆寫,並影響 映像處理與容器環境 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-4342 | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | [email protected] | 8.8 | 0.06% | 2026-03-19 | 2026-05-19 |
| CVE-2026-3288 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | [email protected] | 8.8 | 0.05% | 2026-03-09 | 2026-05-06 |
| CVE-2024-5154 | A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. | [email protected] | 8.1 | 1.70% | 2024-06-12 | 2025-06-23 |
| CVE-2023-5528 | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | [email protected] | 7.2 | 19.85% | 2023-11-14 | 2025-01-03 |
| CVE-2022-3172 | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | [email protected] | 5.1 | 3.41% | 2023-11-03 | 2025-02-13 |
| CVE-2023-3893 | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. | [email protected] | 8.8 | 3.69% | 2023-11-03 | 2025-08-01 |
| CVE-2023-3955 | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | [email protected] | 8.8 | 0.76% | 2023-10-31 | 2025-02-13 |
| CVE-2023-3676 | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | [email protected] | 8.8 | 40.74% | 2023-10-31 | 2025-02-13 |
| CVE-2021-25736 | Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | [email protected] | 5.8 | 0.12% | 2023-10-30 | 2025-06-12 |
| CVE-2023-5044 | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | [email protected] | 7.6 | 8.94% | 2023-10-25 | 2025-02-13 |
| CVE-2023-5043 | Ingress nginx annotation injection causes arbitrary command execution. | [email protected] | 7.6 | 4.10% | 2023-10-25 | 2025-02-13 |
| CVE-2022-4886 | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. | [email protected] | 8.8 | 0.19% | 2023-10-25 | 2025-02-13 |
| CVE-2023-1943 | Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | [email protected] | 8.0 | 0.10% | 2023-10-12 | 2024-11-21 |
| CVE-2022-4318 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | [email protected] | 7.8 | 0.04% | 2023-09-25 | 2024-11-21 |
| CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | [email protected] | 8.0 | 0.06% | 2023-09-24 | 2024-11-21 |
| CVE-2022-3466 | The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) r | [email protected] | 4.8 | 0.04% | 2023-09-15 | 2024-11-21 |
| CVE-2023-2728 | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | [email protected] | 6.5 | 4.85% | 2023-07-03 | 2025-02-13 |
| CVE-2023-2727 | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | [email protected] | 6.5 | 0.17% | 2023-07-03 | 2025-02-13 |
| CVE-2023-2431 | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | [email protected] | 3.4 | 0.01% | 2023-06-16 | 2024-12-12 |
| CVE-2023-2878 | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | [email protected] | 6.5 | 0.05% | 2023-06-07 | 2025-02-13 |