VYPR

Kuma

by Kumahq

CVEs (2)

  • CVE-2024-36542 | High | Jul 25, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Insecure permissions in Kuma v2.7.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.

  • CVE-2026-45021 | Medium | May 28, 2026
    risk 0.26 | cvss | epss 0.00

    Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the…