← العودة للجدول
CVE-2026-52831
CVE-2026-52831 — Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell
📅 2026-07-08
🔴 Critical 🔥 PoC Only GHSA PoC Research Linux CVSS 10

📋 الوصف الكامل

## Summary Nuclio controller builds a `curl` invocation string for each cron trigger and stores it as the `args` of a Kubernetes CronJob container (`/bin/sh`, `-c`, ``). Two fields in the trigger specification flow into this string without adequate sanitization: - `event.headers` keys — interpolated verbatim inside double-quoted `--header` arguments (`lazy.go:2150`); any key containing `"

💻 الأنظمة المتأثرة

Microsoft Azure | Kubernetes | Docker

⚠️ نوع التهديد

PoC Research

🔗 CVE ID

CVE-2026-52831

📡 المصدر

GHSA

✅ الحلول والتخفيف

Update to v0.21.27

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←