Threat Advisory

OpenCost Vulnerability Exposes Credential Overwrite

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-44300 with a CVSS score of 8.8 is a high-severity vulnerability in the OpenCost service, specifically affecting versions of the opencost package prior to 1.119.1, which allows an unauthenticated file write vulnerability in the `/serviceKey` endpoint, enabling remote attackers to overwrite the GCP service account key file without authentication. This vulnerability can be exploited by sending a POST request to the `/serviceKey` endpoint with malicious user-supplied data, requiring only network access to the vulnerable endpoint, and the attacker gains the capability to disrupt service, steal credentials, and potentially escalate privileges within Kubernetes clusters. The business impact of this vulnerability is significant, as it can lead to service disruption, financial loss, and reputational damage, and the prerequisites for exploitation include a Kubernetes cluster and network accessibility to the OpenCost service, with the vulnerable file path determined by the `CONFIG_PATH` environment variable, making it predictable and susceptible to overwrite attacks.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-44300 with a CVSS score of 8.8 is a high-severity vulnerability in the OpenCost service, specifically affecting versions of the opencost package prior to 1.119.1, which allows an unauthenticated file write vulnerability in the `/serviceKey` endpoint, enabling remote attackers to overwrite the GCP service account key file without authentication. This vulnerability can be exploited by sending a POST request to the `/serviceKey` endpoint with malicious user-supplied data, requiring only network access to the vulnerable endpoint, and the attacker gains the capability to disrupt service, steal credentials, and potentially escalate privileges within Kubernetes clusters. The business impact of this vulnerability is significant, as it can lead to service disruption, financial loss, and reputational damage, and the prerequisites for exploitation include a Kubernetes cluster and network accessibility to the OpenCost service, with the vulnerable file path determined by the `CONFIG_PATH` environment variable, making it predictable and susceptible to overwrite attacks.[emaillocker id="1283"]

RECOMMENDATION:

We recommend you to update OpenCost to version 1.119.1.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-wmj8-9953-vff5

[/emaillocker]
crossmenu