Go modules package
github.com/rancher/local-path-provisioner
pkg:golang/github.com/rancher/local-path-provisioner
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44543 | Hig | 8.7 | < 0.0.36 | 0.0.36 | May 28, 2026 | Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used | |
| CVE-2025-62878 | Cri | 9.9 | < 0.0.34 | 0.0.34 | Feb 25, 2026 | A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. |
- affected < 0.0.36fixed 0.0.36
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used
- affected < 0.0.34fixed 0.0.34
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.