CVE-2026-29954 โ€” In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components haveโ€ฆ

/HIGH
CVE Notify vulnerabilitycve
CVE-2026-29954 โ€” In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components haveโ€ฆ

Image via github.githubassets.com

๐Ÿšจ CVE-2026-29954 In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address.

CVE-Request: KubePlus ResourceComposition ChartURL SSRF + Header Injection
gist.github.com

What This Means For You

  • Rated critical severity โ€” prioritize patching or mitigation.
  • New vulnerability disclosed โ€” verify if your stack is exposed.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1071.001 Web Protocols Command and Control T1588.002 Software Resource Development

Indicators of Compromise

IDTypeIndicator
CVE-2026-29954 SSRF KubePlus 4.1.4, mutating webhook component, processing chartURL field of ResourceComposition resources, URL-encoded without validating target address.
CVE-2026-29954 Command Injection KubePlus 4.1.4, kubeconfiggenerator component, processing chartURL field of ResourceComposition resources, chartURL directly concatenated into wget command, allowing --header option injection.
CVE-2026-29954 HTTP Header Injection KubePlus 4.1.4, kubeconfiggenerator component, processing chartURL field of ResourceComposition resources, chartURL directly concatenated into wget command, allowing --header option injection.
๐Ÿ”Ž
Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic โ€” straight from this vulnerability. Use /detect in the Intel Bot.
Open Intel Bot โ†’
Source & Attribution
Source PlatformTelegram
ChannelCVE Notify
PublishedApril 06, 2026 at 18:56 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

BookingPress Pro Plugin: Critical RCE via Unauthenticated File Upload

CVE-2026-6960 โ€” The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-434
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-22678 โ€” The Email Template Description Field Of The System And Serve Cross-Site Scripting (XSS)

CVE-2026-22678 โ€” Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that...

vulnerabilityCVEmedium-severitycross-site-scripting-xsscwe-79
/SCW Vulnerability Desk /MEDIUM /5.4 /⚑ 2 IOCs /⚙ 3 Sigma

LiteLLM Privilege Escalation: User Role Manipulation Grants Admin Access (CVE-2026-47102)

CVE-2026-47102 โ€” LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to...

vulnerabilityCVEhigh-severitycwe-863
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 3 IOCs /⚙ 2 Sigma