CVE-2026-44514
Description
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. This is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability and affects both the desktop deployment (default http://localhost:7500) and cluster deployments (typically behind an Ingress with HTTP basic auth). This vulnerability is fixed in 0.14.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/kubetail-org/kubetail/modules/dashboardGo | < 0.14.0 | 0.14.0 |
github.com/kubetail-org/kubetail/modules/cliGo | < 0.16.0 | 0.16.0 |
Affected products
3- Range: < 0.16.0
- ghsa-coords2 versionspkg:golang/github.com/kubetail-org/kubetail/modules/clipkg:golang/github.com/kubetail-org/kubetail/modules/dashboard
< 0.16.0+ 1 more
- (no CPE)range: < 0.16.0
- (no CPE)range: < 0.14.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.