CVE-2021-4178

MEDIUM

fabric8-kubernetes 5.0.0-beta-1-5.0.3 - Arbitrary Code Execution via YAML Parsing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-4178. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository appears to be a legitimate writeup and codebase for the Fabric8 Kubernetes client, including references to CVE-2021-4178. It contains Java source files, build scripts, and documentation but no explicit exploit code or offensive techniques.

Description

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

Exploits (1)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/fabric8io__kubernetes-client_CVE-2021-4178_5-0-2

This repository appears to be a legitimate writeup and codebase for the Fabric8 Kubernetes client, including references to CVE-2021-4178. It contains Java source files, build scripts, and documentation but no explicit exploit code or offensive techniques.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Fabric8 Kubernetes Client (versions up to 5.0.2)
No auth needed
Prerequisites: Access to a vulnerable Kubernetes cluster · Ability to execute Java code in the target environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2034388
Vendor Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2021-4178
Third Party Advisory x_refsource_misc
https://github.com/advisories/GHSA-98g7-rxmf-rrxm
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/fabric8io/kubernetes-client/issues/3653

Scores

CVSS v3 6.7
EPSS 0.0031
EPSS Percentile 22.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (12)
io.fabric8/kubernetes-client 5.0.0-beta-1 - 5.0.3Maven
redhat/a-mq_streams 2.0.1
redhat/build_of_quarkus 2.2.5
redhat/descision_manager 7.0
redhat/fabric8-kubernetes 5.0.0 beta1
redhat/fabric8-kubernetes 5.8.0
redhat/fabric8-kubernetes 5.0.1 - 5.0.3
redhat/fuse 7.11
redhat/integration_camel_k
redhat/integration_camel_quarkus 2.2.1
... and 2 more
Published Aug 24, 2022
Tracked Since Feb 18, 2026