CVE-2026-52724 with a CVSS score of 5.8 is a vulnerability affecting github.com/kumahq/kuma in the kuma-dp component, where the data plane connects to the control plane without properly verifying the TLS certificate when no Certificate Authority (CA) is configured. This flaw allows an on-path attacker to intercept the data plane authentication token and impersonate the control plane, enabling the injection of a forged bootstrap configuration and potential takeover of the proxy. The vulnerability impacts Universal mode kuma-dp deployments using an HTTPS control plane without proper CA certificate configuration, while standard Kubernetes installations deployed through official installers are not affected. The issue is caused by improper TLS certificate validation and can compromise the security of service mesh communications.
We recommend you to update github.com/kumahq/kuma/v2 and github.com/kumahq/kuma to below version: https://github.com/advisories/GHSA-wvmp-6r4v-j6cv[/subscribe_to_unlock_form]
CVE-2026-52724 with a CVSS score of 5.8 is a vulnerability affecting github.com/kumahq/kuma in the kuma-dp component, where the data plane connects to the control plane without properly verifying the TLS certificate when no Certificate Authority (CA) is configured. This flaw allows an on-path attacker to intercept the data plane authentication token and impersonate the control plane, enabling the injection of a forged bootstrap configuration and potential takeover of the proxy. The vulnerability impacts Universal mode kuma-dp deployments using an HTTPS control plane without proper CA certificate configuration, while standard Kubernetes installations deployed through official installers are not affected. The issue is caused by improper TLS certificate validation and can compromise the security of service mesh communications.
We recommend you to update github.com/kumahq/kuma/v2 and github.com/kumahq/kuma to below version: https://github.com/advisories/GHSA-wvmp-6r4v-j6cv[emaillocker id="1283"]
The following reports contain further technical details:
[/emaillocker]