CVE Daily – Azure Kubernetes Service

[Critical] CVE-2026-33105 – Improper authorization in Microsoft Azure Kubernetes Service allows an unauthori...

Fri, 03 Apr 2026 00:16:05 +0000

Critical CVE-2026-33105

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVSS: 10.0 · CWE: CWE-285

View on NVD

[Medium] CVE-2026-33726 – Cilium is a networking, observability, and security solution with an eBPF-based ...

Fri, 27 Mar 2026 01:16:20 +0000

Medium CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is autom…

CVSS: 5.4 · CWE: CWE-284

View on NVD

[Critical] CVE-2024-29990 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege...

Tue, 09 Apr 2024 17:16:02 +0000

Critical CVE-2024-29990

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVSS: 9.0 · CWE: CWE-284

View on NVD

[Critical] CVE-2024-21400 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege...

Tue, 12 Mar 2024 17:15:49 +0000

Critical CVE-2024-21400

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVSS: 9.0 · CWE: CWE-22

View on NVD

[Critical] CVE-2024-21403 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege...

Tue, 13 Feb 2024 18:15:58 +0000

Critical CVE-2024-21403

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVSS: 9.0 · CWE: CWE-552

View on NVD

[Critical] CVE-2024-21376 – Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution ...

Tue, 13 Feb 2024 18:15:55 +0000

Critical CVE-2024-21376

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

CVSS: 9.0 · CWE: CWE-284

View on NVD

[High] CVE-2023-29332 – Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Tue, 12 Sep 2023 17:15:08 +0000

High CVE-2023-29332

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

CVSS: 7.5 · CWE: CWE-330

View on NVD

[Medium] CVE-2022-23551 – aad-pod-identity assigns Azure Active Directory identities to Kubernetes applica...

Wed, 21 Dec 2022 20:15:09 +0000

Medium CVE-2022-23551

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allow…

CVSS: 5.3 · CWE: CWE-863

View on NVD

[Medium] CVE-2021-24109 – Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Thu, 25 Feb 2021 23:15:16 +0000

Medium CVE-2021-24109

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

CVSS: 6.8 · CWE: N/A

View on NVD

[Critical] CVE-2014-6287 – The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks H...

Tue, 07 Oct 2014 10:55:04 +0000

Critical CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

CVSS: 9.8 · CWE: CWE-94

View on NVD