CVE-2026-29955 - Vulnerability Analysis
Last Updated: April 13, 2026
KubePlus - Command Injection
Published: April 13, 2026 | Updated: April 13, 2026 | PoC Available
Overview
The kubeconfiggenerator component of KubePlus 4.14 contains a command injection vulnerability: user input in the chartName parameter is passed unsanitized to subprocess.Popen(shell=True), letting attackers execute arbitrary shell commands remotely. Exploitation requires a crafted chartName parameter.
Severity & Score
Severity: N/A
Impact
Attackers can execute arbitrary shell commands remotely, potentially leading to full system compromise.
Mitigation
Update to the latest version with proper input sanitization or validation for the chartName parameter.
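The two controls named above, input validation and avoiding shell=True, shown together as an added example (not KubePlus code and not the project's actual fix). The allowlist pattern, the function names and the echo stand-in for the chart tool are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Assumed allowlist: letters, digits, '.', '_', '-', '/'; the first character
# must be alphanumeric so the value can never be read as a command-line option.
_CHART_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,127}")


def validate_chart_name(chart_name):
    """Return chart_name unchanged if it passes the allowlist, else raise ValueError."""
    if not isinstance(chart_name, str) or not _CHART_NAME_RE.fullmatch(chart_name):
        raise ValueError("chartName contains characters outside the allowlist")
    if ".." in chart_name.split("/"):
        raise ValueError("chartName must not contain '..' path segments")
    return chart_name


def build_argv(chart_name, tool):
    """Build an argument vector: tool arguments, '--', then the validated name.

    Assumes the tool honours the conventional '--' end-of-options marker.
    """
    return [*tool, "--", validate_chart_name(chart_name)]


def run_without_shell(argv):
    """Run argv directly (shell=False) so no shell parses any argument."""
    proc = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=30, check=False)
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    # Stand-in for the real chart tool: prints its last argument back.
    echo = (sys.executable, "-c", "import sys; print(sys.argv[-1])")
    # Constructed sample values, not taken from the advisory.
    for name in ["kubeplus-chart-1.0.tgz", "repo/chart", "chart; id", "-x", "a/../b"]:
        try:
            print("accepted:", run_without_shell(build_argv(name, echo))[1].strip())
        except ValueError as exc:
            print("rejected:", repr(name), "-", exc)
```

Passing a list with shell=False removes the shell from the call path, so the validation acts as a second layer rather than the only barrier.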
Details
- CVE ID: CVE-2026-29955
- Severity: N/A
- Type: command_injection
- Status: new
CVSS Metrics
N/A