Kubernetes

Argo Workflows versions 4.0.0 to 4.0.4 log artifact repository credentials in plaintext, allowing users with read access to pod logs to extract sensitive information such as S3 access keys and GCS service account keys.

Argo Workflows has an incomplete fix for CVE-2026-31892, allowing bypass of templateReferencing restrictions to modify pod specifications, leading to potential privilege escalation and security context overrides.

IBM Turbonomic prometurbo agent versions 8.16.0 through 8.17.6 grants excessive cluster-wide permissions, including unrestricted read access to all secrets, allowing a compromised operator or service account to exfiltrate credentials, escalate privileges, and achieve full cluster compromise.

k8sGPT versions before 0.4.32 are vulnerable to prompt injection due to deserialization of AI-generated YAML without proper validation in the auto-remediation pipeline, potentially leading to arbitrary code execution within the Kubernetes cluster.

A malformed `workflows.argoproj.io/pod-gc-strategy` annotation in an Argo Workflow pod can trigger an unchecked array index in the `podGCFromPod()` function, leading to a controller-wide panic and denial-of-service.

CVE-2026-22039 incompletely fixed a cross-namespace privilege escalation vulnerability in Kyverno's apiCall context, as the ConfigMap context loader still lacks namespace validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account, leading to a complete RBAC bypass in multi-tenant Kubernetes clusters.

An authenticated remote attacker can exploit multiple vulnerabilities in Kyverno to disclose information, bypass security measures, manipulate data, and gain elevated privileges.

CVE-2026-6388 describes a flaw in ArgoCD Image Updater that allows an attacker with permissions to create or modify an ImageUpdater resource in a multi-tenant environment to bypass namespace boundaries and trigger unauthorized image updates.

A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests, enabling unauthorized access to internal services, cloud metadata endpoints, and data exfiltration.

CVE-2026-5483 is a high-severity vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) that allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, potentially leading to unauthorized access to Kubernetes resources.

A path traversal vulnerability in Helm versions 4.0.0 to 4.1.3 allows a malicious plugin to write files to arbitrary locations on the filesystem, leading to potential system compromise.

A single source IP accessing secret-management APIs across multiple cloud providers (AWS, GCP, Azure) and Kubernetes clusters within a short timeframe indicates potential credential theft, session hijacking, or token replay.

The kcp cache server is exposed without authentication, allowing unauthorized read access to sensitive data and a race condition for write access that could lead to temporary privilege escalation.

CVE-2026-4740 describes a vulnerability in Red Hat Open Cluster Management (OCM) where improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge certificates, enabling cross-cluster privilege escalation.

Detects unusual access to Kubernetes secrets, potentially indicating an attacker attempting to steal sensitive information after gaining initial access to the cluster.

CVE-2026-33105 is a critical vulnerability in Microsoft Azure Kubernetes Service that allows an unauthorized attacker to elevate privileges over a network due to improper authorization.

The KubeAI project is vulnerable to OS command injection because the `ollamaStartupProbeScript()` function constructs a shell command string using `fmt.Sprintf` with unsanitized model URL components (`ref`, `modelParam`), which is then executed via `bash -c` as a Kubernetes startup probe, allowing arbitrary command execution inside model server pods by attackers with the ability to create or update `Model` custom resources.

This rule detects potential kubectl network configuration modification activity by monitoring for process events where the kubectl command is executed with arguments that suggest an attempt to modify network configurations in Kubernetes, potentially leading to unauthorized access or data exfiltration.

CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator that allows unauthorized access to Llama Stack services in other namespaces via direct network requests due to missing NetworkPolicy restrictions, potentially enabling attackers to view or manipulate sensitive data.

A local attacker can exploit a vulnerability in RedHat Multicluster Engine for Kubernetes to escalate privileges.

The Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter, allowing arbitrary file reads from the resolver pod's filesystem, including ServiceAccount tokens.

TeamPCP's CanisterWorm is a newly identified Kubernetes wiper targeting Iranian infrastructure, indicating a politically motivated destructive attack.

This rule detects the creation or modification of Kubernetes Roles or ClusterRoles that grant high-risk permissions, such as wildcard access or RBAC escalation verbs (e.g., bind, escalate, impersonate), potentially leading to privilege escalation or unauthorized access within the cluster.

A single user and source IP attempts to enumerate Kubernetes endpoints, issuing API requests across multiple endpoints to identify accessible resources for further exploitation.

An attacker may deploy a pod within the kube-system namespace in Kubernetes to mimic legitimate system pods and evade detection.

An adversary modifies Kubernetes admission controller configurations to achieve persistence, escalate privileges, or gain unauthorized access to credentials within the cluster.

The Sync Service's ConfigMap-backed provider in Argo Workflows performs zero authorization checks on all CRUD operations, allowing any authenticated user to create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits, potentially leading to denial of service, workflow disruption, information disclosure, or arbitrary ConfigMap manipulation in Argo Workflows versions v4.0.0 to v4.0.4.

An adversary may delete Kubernetes events to evade detection and hide malicious activity within a Kubernetes environment by removing audit logs.

Attackers attempt to enumerate and discover sensitive information within a Kubernetes cluster by leveraging common shells, utilities, and specialized tools, as reflected in audit logs.

An unchecked type assertion in Kyverno versions v1.13.0 to v1.17.1 allows a user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff, leading to a denial of service, by crafting a malicious policy that triggers a nil pointer dereference in the forEach mutation handler.

Adversaries may delete events in Azure Kubernetes to evade detection, which this rule detects via the MICROSOFT.KUBERNETES/CONNECTEDCLUSTERS/EVENTS.K8S.IO/EVENTS/DELETE operation.

Detects the creation or modification of Kubernetes Roles or ClusterRoles that grant high-risk permissions, such as wildcard access or RBAC escalation verbs, potentially leading to privilege escalation or unauthorized access within the cluster.

The rule detects when a Kubernetes Role or ClusterRole is patched or updated to grant wildcard verbs and resources, effectively granting cluster-admin-like privileges, which is often a deliberate privilege expansion and could indicate malicious activity.

This rule detects Kubernetes audit events where a node or pod service account attempts to read secrets directly, which is often a sign of credential access.

An adversary can exploit Kubernetes Admission Controllers in Azure to achieve persistence, privilege escalation, or credential access by manipulating webhook configurations.

This rule detects lateral movement in AWS environments originating from Kubernetes service accounts by identifying instances where credentials obtained for a service account are used for multiple distinct AWS control-plane actions, potentially indicating unauthorized access.

Adversaries may perform reconnaissance in a Kubernetes environment by rapidly querying multiple resource types to map the environment and identify potential privilege escalation paths.

Detects read access to Kubernetes Secrets (`get`/`list`) with a user agent matching a curated set of non-standard or attacker-leaning clients, indicating potential credential access.

Detects an unusual volume of Kubernetes API get requests against multiple distinct Secret objects from the same client fingerprint, potentially indicating credential access or in-cluster reconnaissance.

Detects successful AWS `AssumeRoleWithWebIdentity` calls where the caller identity is a Kubernetes service account and the source autonomous system organization is not `Amazon.com, Inc.`, which may indicate a stolen or misused projected service-account token being exchanged for IAM credentials off-cluster.

Detection of Kubernetes Secrets listing from non-loopback clients targeting cluster-wide secrets or sensitive namespaces, potentially indicating unauthorized credential access or discovery.