By weakness (CWE)

CWE-532: related vulnerabilities

CVEs classified under CWE-532. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

3 published vulnerabilities

  • CVE-2026-40619HIGH 7.8

    A high-severity vulnerability in Genetec Security Center main server installations can allow an attacker who already has local access to the server's operating system to steal the Server Admin credentials. The unusual aspect of this vulnerability is that it affects specific installation builds rather than entire product versions—meaning two installations of the same version number could have different risk levels depending on which build was deployed. There is currently no public evidence that this flaw is being actively exploited in the wild.

  • CVE-2026-41184MEDIUM 6.5

    Calico's CNI installer container accidentally logs Kubernetes ServiceAccount tokens to standard output during deployment, specifically when using Canal or Flannel-Calico configurations. Any user with permission to view pod logs in the affected namespace can retrieve this token, which grants the ability to modify pod annotations—a vector for attacking workloads in your cluster. The vulnerability is a regression of a previously fixed issue and does not affect deployments using the default kubeconfig authentication method.

  • CVE-2026-41185MEDIUM 6.5

    Calico, a widely-used open-source networking plugin for Kubernetes, logs sensitive authentication credentials to plaintext files when deployed with Azure's IPAM plugin and token-based Kubernetes authentication. The vulnerability occurs because the Calico CNI binary adds subnet information to the configuration before forwarding it to Azure IPAM for processing. During this handoff, the entire configuration—including Kubernetes ServiceAccount tokens, client keys, and certificate authority data—is logged at INFO level to /var/log/calico/cni/cni.log. This happens on every pod scheduling or termination, creating a high-frequency credential leak. Any user or process with read access to node-level logs can extract cluster-wide Calico networking administrator credentials without triggering alarms.