By vendor
Tigera vulnerabilities
Known CVEs affecting Tigera products, prioritized by severity, with SEC.co remediation and detection guidance.
2 published vulnerabilities
- CVE-2026-41184MEDIUM 6.5
Calico's CNI installer container accidentally logs Kubernetes ServiceAccount tokens to standard output during deployment, specifically when using Canal or Flannel-Calico configurations. Any user with permission to view pod logs in the affected namespace can retrieve this token, which grants the ability to modify pod annotations—a vector for attacking workloads in your cluster. The vulnerability is a regression of a previously fixed issue and does not affect deployments using the default kubeconfig authentication method.
- CVE-2026-41185MEDIUM 6.5
Calico, a widely-used open-source networking plugin for Kubernetes, logs sensitive authentication credentials to plaintext files when deployed with Azure's IPAM plugin and token-based Kubernetes authentication. The vulnerability occurs because the Calico CNI binary adds subnet information to the configuration before forwarding it to Azure IPAM for processing. During this handoff, the entire configuration—including Kubernetes ServiceAccount tokens, client keys, and certificate authority data—is logged at INFO level to /var/log/calico/cni/cni.log. This happens on every pod scheduling or termination, creating a high-frequency credential leak. Any user or process with read access to node-level logs can extract cluster-wide Calico networking administrator credentials without triggering alarms.