CVE Daily
← All tags

Tag: Azure Kubernetes Service

All CVEs associated with "Azure Kubernetes Service". Page 1/1 • 10 CVEs.

About “Azure Kubernetes Service”

A curated feed of “Azure Kubernetes Service”-related CVEs appears below. We currently track 10 CVEs for this tag (all time). In the last 365 days, 2 were published. Average CVSS is 8.1 (all time; 7.7 over 365d), and 70% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-285 - Improper Authorization, CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Cloud and managed service CVEs involve shared responsibility. Check provider bulletins to confirm tenant actions, limit exposure, and rotate keys if advised. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: azure-kubernetes-service

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestExtended SupportEOLLTS
1.35-
1.34- Soon
1.33- Soon
1.32- Expired
1.31- Expired
1.30- Expired
1.29- Expired
1.28- Expired
1.27- Expired
1.26-Unavailable Expired
1.25-Unavailable Expired
1.24-Unavailable Expired
1.23-Unavailable Expired
1.22-Unavailable Expired
1.21-Unavailable Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Azure Kubernetes Service”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-04-03
Critical

CVE-2026-33105

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVSS: 10.0 CWE: CWE-285 - Improper Authorization View on NVD
2026-03-27
Medium

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from po…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD
2024-04-09
Critical

CVE-2024-29990

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVSS: 9.0 CWE: CWE-284 - Improper Access Control View on NVD
2024-03-12
Critical

CVE-2024-21400

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVSS: 9.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-02-13
Critical

CVE-2024-21403

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVSS: 9.0 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
Critical

CVE-2024-21376

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

CVSS: 9.0 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-12
High

CVE-2023-29332

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
2022-12-21
Medium

CVE-2022-23551

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates…

CVSS: 5.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2021-02-25
Medium

CVE-2021-24109

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
2014-10-07
Critical

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a se…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox