216.73.216.133

CVE-2026-25518

· Published 04/02/2026 22:15 · Modified 05/02/2026 14:57

Labels: CVE-2026-25518 2026-02-04CVE-2026-25518CWE-129[email protected]

Essential information

Published
04/02/2026 22:15
Modified
05/02/2026 14:57
Author
Creator
CVSS
5.9 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in denial‑of‑service (DoS) of the cert-manager controller. The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor. This issue has been patched in versions 1.18.5 and 1.19.3.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
jetstack / cert-manager cpe:2.3:a:jetstack:cert-manager:1.18.0-1.18.4:*:*:*:*:*:*:*
jetstack / cert-manager cpe:2.3:a:jetstack:cert-manager:1.19.0-1.19.2:*:*:*:*:*:*:*

References