CVE-2026-42175
requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addr…
All CVEs associated with "Amazon EKS". Page 1/1 • 15 CVEs.
A curated feed of “Amazon EKS”-related CVEs appears below. We currently track 15 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 7.7 (all time; 7.7 over 365d), and 60% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-918 - Server-Side Request Forgery (SSRF), CWE-306 - Missing Authentication for Critical Function, CWE-284 - Improper Access Control.
In our taxonomy this topic maps to a MODERATE impact class. Cloud and managed service CVEs involve shared responsibility. Check provider bulletins to confirm tenant actions, limit exposure, and rotate keys if advised. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Extended Support | EOL | LTS |
|---|---|---|---|---|---|
| 1.35 | 1.35-eks-13 | | | | |
| 1.34 | 1.34-eks-23 | | | | |
| 1.33 | 1.33-eks-37 | | Soon | | |
| 1.32 | 1.32-eks-44 | | Expired | | |
| 1.31 | 1.31-eks-60 | | Expired | | |
| 1.30 | 1.30-eks-68 | | Expired | | |
| 1.29 | 1.29-eks-66 | | Expired | | |
| 1.28 | 1.28-eks-63 | | Expired | | |
| 1.27 | 1.27-eks-53 | | Expired | | |
| 1.26 | 1.26-eks-51 | | Expired | | |
| 1.25 | 1.25-eks-48 | | Expired | | |
| 1.24 | 1.24-eks-45 | | Expired | | |
| 1.23 | 1.23-eks-30 | | Expired | | |
| 1.22 | 1.22-eks-14 | | Expired | | |
| 1.21 | 1.21-eks-18 | | Expired | | |
| 1.20 | 1.20-eks-14 | Unavailable | Expired | | |
| 1.19 | 1.19-eks-11 | Unavailable | Expired | | |
| 1.18 | 1.18-eks-13 | Unavailable | Expired | | |

Legend for the EOL column: Maintained · Soon (≤ 180 days) · Expired.
CVEs tagged with this topic:
FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = […
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from po…
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environ…
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows a…
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with th…
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071 are not bound to [localhost](http://localhos…
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on allowed_urls configuration can be bypassed if the URL contains characters s…
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis serve…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva…
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib`…
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack.
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code.