A vulnerability CVE-2026-52831 affecting github. versions < 0.0.0-20260601075854-3356b86a8bfa with affected versions All Nuclio versions that support Kubernetes CronJob-based cron triggers, which includes the current production release in NuclioFunction configurations allows attackers to inject malicious headers or body content into Kubernetes CronJobs, triggering arbitrary command execution. The exploit leverages misconfigured trigger attributes in Nuclio deployments, enabling unauthorized access to cluster resources. Attackers can embed shell commands within header keys or event bodies, which are then executed when the CronJob runs. This method bypasses standard input validation, allowing attackers to exfiltrate sensitive data like Kubernetes service account tokens or escalate privileges within the container environment. The exploitation process involves crafting a NuclioFunction with malicious headers containing shell injection payloads. When the CronJob is triggered, the injected commands execute in the container's shell context, even if parts of the payload fail (e.g., missing binaries). The attack sequence includes injecting a header key with embedded shell commands, creating a CronJob through Kubernetes API calls, and triggering execution via manual job creation. The resulting command chain executes as root within the container, demonstrating privilege escalation and data exfiltration capabilities. This method relies on misconfigured trigger attributes that fail to sanitize input before generating the CronJob specification. This vulnerability highlights risks in Kubernetes environments using Nuclio with insufficient input validation for trigger configurations. Attackers could exploit this to gain persistent access or steal credentials from service accounts. Defenders should audit NuclioFunction triggers for unsafe header/body content and monitor for unexpected CronJobs or command executions. Regular validation of container runtime permissions and separation of duties in Kubernetes clusters can mitigate risks from misconfigured function deployments.
We recommend you to update nuclio to version 0.0.0-20260601075854-3356b86a8bfa.[/subscribe_to_unlock_form]
A vulnerability CVE-2026-52831 affecting github. versions < 0.0.0-20260601075854-3356b86a8bfa with affected versions All Nuclio versions that support Kubernetes CronJob-based cron triggers, which includes the current production release in NuclioFunction configurations allows attackers to inject malicious headers or body content into Kubernetes CronJobs, triggering arbitrary command execution. The exploit leverages misconfigured trigger attributes in Nuclio deployments, enabling unauthorized access to cluster resources. Attackers can embed shell commands within header keys or event bodies, which are then executed when the CronJob runs. This method bypasses standard input validation, allowing attackers to exfiltrate sensitive data like Kubernetes service account tokens or escalate privileges within the container environment. The exploitation process involves crafting a NuclioFunction with malicious headers containing shell injection payloads. When the CronJob is triggered, the injected commands execute in the container's shell context, even if parts of the payload fail (e.g., missing binaries). The attack sequence includes injecting a header key with embedded shell commands, creating a CronJob through Kubernetes API calls, and triggering execution via manual job creation. The resulting command chain executes as root within the container, demonstrating privilege escalation and data exfiltration capabilities. This method relies on misconfigured trigger attributes that fail to sanitize input before generating the CronJob specification. This vulnerability highlights risks in Kubernetes environments using Nuclio with insufficient input validation for trigger configurations. Attackers could exploit this to gain persistent access or steal credentials from service accounts. Defenders should audit NuclioFunction triggers for unsafe header/body content and monitor for unexpected CronJobs or command executions. Regular validation of container runtime permissions and separation of duties in Kubernetes clusters can mitigate risks from misconfigured function deployments.
We recommend you to update nuclio to version 0.0.0-20260601075854-3356b86a8bfa.[emaillocker id="1283"]
The following reports contain further technical details:
[/emaillocker]