Azure Kubernetes Service
by Microsoft
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33105 | Cri | 0.65 | 10.0 | 0.01 | Apr 3, 2026 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2023-44487 | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |
| CVE-2026-32193 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally. | ||
| CVE-2024-29990 | 0.01 | — | 0.18 | Apr 9, 2024 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||
| CVE-2023-29332 | 0.01 | — | 0.03 | Sep 12, 2023 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | |||
| CVE-2024-21400 | 0.00 | — | 0.02 | Mar 12, 2024 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||
| CVE-2024-21403 | 0.00 | — | 0.01 | Feb 13, 2024 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||
| CVE-2024-21376 | 0.00 | — | 0.01 | Feb 13, 2024 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | |||
| CVE-2021-27075 | 0.00 | — | 0.01 | Mar 11, 2021 | Azure Virtual Machine Information Disclosure Vulnerability | |||
| CVE-2021-24109 | 0.00 | — | 0.02 | Feb 25, 2021 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | |||
| CVE-2021-1677 | 0.00 | — | 0.01 | Jan 12, 2021 | Azure Active Directory Pod Identity Spoofing Vulnerability |
- risk 0.65cvss 10.0epss 0.01
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
- risk 0.65cvss 7.5epss 1.00
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- risk 0.57cvss 8.8epss 0.00
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
- CVE-2024-29990Apr 9, 2024risk 0.01cvss —epss 0.18
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
- CVE-2023-29332Sep 12, 2023risk 0.01cvss —epss 0.03
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
- CVE-2024-21400Mar 12, 2024risk 0.00cvss —epss 0.02
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
- CVE-2024-21403Feb 13, 2024risk 0.00cvss —epss 0.01
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
- CVE-2024-21376Feb 13, 2024risk 0.00cvss —epss 0.01
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
- CVE-2021-27075Mar 11, 2021risk 0.00cvss —epss 0.01
Azure Virtual Machine Information Disclosure Vulnerability
- CVE-2021-24109Feb 25, 2021risk 0.00cvss —epss 0.02
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
- CVE-2021-1677Jan 12, 2021risk 0.00cvss —epss 0.01
Azure Active Directory Pod Identity Spoofing Vulnerability