216.73.216.67

CVE-2026-55175

· Published 11/07/2026 01:16 · Author: The MITRE Corporation

Labels: CVE-2026-55175

Essential information

Published
11/07/2026 01:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CWE-502
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4.

NVD status

NVD
View on NVD