VYPR
Vendor

Kubewarden

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2025-24376MedJan 30, 2025
    risk 0.35cvss 6.5epss 0.00

    kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided…

  • CVE-2026-42541MedMay 12, 2026
    risk 0.21cvss 4.3epss 0.00

    Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes use of the can_i host callback. The callback issues a SubjectAccessReview (SAR)…

  • CVE-2026-29773MedMar 10, 2026
    risk 0.21cvss 4.3epss 0.00

    Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a…

  • CVE-2025-24784MedJan 30, 2025
    risk 0.21cvss 4.3epss 0.00

    kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources.…

  • CVE-2023-22645Apr 19, 2023
    risk 0.00cvss epss 0.00

    An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0.