Confused Deputy in Kubernetes

GHSA-vw47-mr44-3jf9 · CVE-2021-25740

Published Sep 21, 2021 · Modified Jun 9, 2026

Description

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-25740
WEB https://github.com/kubernetes/kubernetes/issues/103675
PACKAGE https://github.com/kubernetes/kubernetes
WEB https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE
WEB https://kubernetes.io/blog/2026/05/26/reconciling-unfixed-kubernetes-cves
WEB https://security.netapp.com/advisory/ntap-20211014-0001

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes