Google Kubernetes Engine - 5 CVEs (Page 1/1)

About “Google Kubernetes Engine”

A curated feed of “Google Kubernetes Engine”-related CVEs appears below. We currently track 5 CVEs for this tag (all time). In the last 365 days, 2 were published. Average CVSS is 6.4 (all time; 7.4 over 365d), and 40% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-306 - Missing Authentication for Critical Function, CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Cloud and managed service CVEs involve shared responsibility. Check provider bulletins to confirm tenant actions, limit exposure, and rotate keys if advised. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: google-kubernetes-engine

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	Premier Support	EOL
1.35	2026-02-11	1.35.5-gke.1057000	2027-02-28	2027-04-11
1.34	2025-09-30	1.34.8-gke.1126000	2026-08-30	2026-10-01 Soon
1.33	2025-06-03	1.33.12-gke.1059000	2026-06-30	2026-08-03 Soon
1.32	2025-02-11	1.32.13-gke.1592000	2026-02-28	2026-04-11 Expired
1.31	2024-10-25	1.31.14-gke.1967000	2025-11-30	2026-01-16 Expired
1.30	2024-07-31	1.30.14-gke.2558000	2025-07-31	2025-09-30 Expired
1.29	2024-01-26	1.29.15-gke.2725000	2025-02-28	2025-04-12 Expired
1.28	2023-12-04	1.28.15-gke.3290000	2024-12-31	2025-02-04 Expired
1.27	2023-06-15	1.27.16-gke.2894000	2024-07-31	2024-10-01 Expired
1.26	2023-03-31	1.26.15-gke.1469001	2024-04-30	2024-06-30 Expired
1.25	2022-12-14	1.25.16-gke.1759000	2024-01-31	2024-03-30 Expired
1.24	2022-06-23	1.24.17-gke.2472000	2023-08-31	2023-10-31 Expired
1.23	2022-05-03	1.23.17-gke.10700	2023-05-31	2023-07-31 Expired
1.22	2022-03-07	1.22.17-gke.14100	2023-02-28	2023-04-30 Expired
1.21	2021-10-01	1.21.14-gke.18800	2022-11-01	2023-01-31 Expired
1.20	2021-06-09	1.20.15-gke.13700	2021-12-01	2022-08-01 Expired
1.19	2021-04-14	1.19.16-gke.15700	2021-10-01	2022-06-01 Expired
1.18	2021-03-29	1.18.20-gke.6000	2021-08-01	2022-03-01 Expired
1.17	2021-03-29	1.17.17-gke.9100	2021-07-01	2021-11-01 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Google Kubernetes Engine” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2026-04-13

Critical

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an…

CVSS: 9.3 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD

2026-03-27

Medium

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from po…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD

2020-02-12

High

CVE-2020-2121

Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

CVSS: 8.8 CWE: N/A View on NVD

2019-10-16

Medium

CVE-2019-10445

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential wi…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD

2019-07-31

Medium

CVE-2019-10365

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read perm…

CVSS: 4.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD