Vendor
high
advisory
Woodpecker Privilege Escalation via Unrestricted Kubernetes serviceAccountName
2 TTPsA high-severity privilege escalation vulnerability (CVE-2026-61549) in Woodpecker CI, specifically affecting instances using the Kubernetes backend, allows any user with Push permissions on a connected repository to run pipeline pods under an arbitrary ServiceAccount, potentially leading to secret exfiltration and full cluster takeover.
Woodpecker CI
privilege-escalation
kubernetes
ci/cd
vulnerability
2t
high
advisory
Woodpecker CI gRPC Vulnerability Allows Cross-Tenant Agent Impersonation (CVE-2026-50141)
1 TTP 1 CVEA high-severity vulnerability (CVE-2026-50141) in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged `agent_id` into gRPC metadata, leading to potential privilege escalation and unauthorized access within CI/CD pipelines.
Woodpecker CI v3
privilege-escalation
vulnerability
grpc
ci-cd
1t
1c