Description
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.
References (3)
Core 3
Core References
Mailing List mailing-list
https://groups.google.com/g/kubernetes-security-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ
Issue Tracking issue-tracking
https://github.com/kubernetes/kubernetes/issues/134063
Scores
CVSS v3
6.8
EPSS
0.0029
EPSS Percentile
20.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (3)
Kubernetes/Kubernetes CSharp Client
< 17.0.13
Kubernetes/Kubernetes CSharp Client
17.0.14
nuget/KubernetesClient
0 - 17.0.14NuGet
Published
Sep 16, 2025
Tracked Since
Feb 18, 2026