CVE-2026-44514: CWE-1385: Missing Origin Validation in WebSockets in kubetail-org kubetail
Kubetail versions prior to 0. 14. 0 have a vulnerability in their WebSocket endpoints where the Origin header is not properly validated. This allows a malicious web page visited by a user with an active Kubetail session to open a WebSocket connection to the user's dashboard and read Kubernetes logs in real time. This Cross-Site WebSocket Hijacking (CSWSH) vulnerability affects both desktop and cluster deployments. The issue is fixed in version 0. 14. 0.
AI Analysis
Technical Summary
Kubetail, a real-time logging dashboard for Kubernetes, had a security flaw before version 0.14.0 where its WebSocket endpoints did not adequately validate the Origin header during connection upgrades. This missing origin validation (CWE-1385) enables a Cross-Site WebSocket Hijacking attack, allowing a malicious web page to connect to an active Kubetail dashboard session and read Kubernetes logs in real time. Both local desktop deployments and cluster deployments behind HTTP basic auth are affected. The vulnerability is addressed and fixed in Kubetail version 0.14.0.
Potential Impact
An attacker can exploit this vulnerability by tricking a user with an active Kubetail session into visiting a malicious web page, which then opens a WebSocket connection to the Kubetail dashboard and reads sensitive Kubernetes logs in real time. This compromises confidentiality of log data but does not affect integrity or availability. The CVSS 3.1 base score is 6.5 (medium severity), reflecting network attack vector, low complexity, no privileges required, user interaction required, unchanged scope, and high confidentiality impact.
Mitigation Recommendations
Upgrade Kubetail to version 0.14.0 or later, where this vulnerability is fixed by proper Origin header validation on WebSocket connections. No other mitigation is required as the fix is available and addresses the issue directly.
CVE-2026-44514: CWE-1385: Missing Origin Validation in WebSockets in kubetail-org kubetail
Description
Kubetail versions prior to 0. 14. 0 have a vulnerability in their WebSocket endpoints where the Origin header is not properly validated. This allows a malicious web page visited by a user with an active Kubetail session to open a WebSocket connection to the user's dashboard and read Kubernetes logs in real time. This Cross-Site WebSocket Hijacking (CSWSH) vulnerability affects both desktop and cluster deployments. The issue is fixed in version 0. 14. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Kubetail, a real-time logging dashboard for Kubernetes, had a security flaw before version 0.14.0 where its WebSocket endpoints did not adequately validate the Origin header during connection upgrades. This missing origin validation (CWE-1385) enables a Cross-Site WebSocket Hijacking attack, allowing a malicious web page to connect to an active Kubetail dashboard session and read Kubernetes logs in real time. Both local desktop deployments and cluster deployments behind HTTP basic auth are affected. The vulnerability is addressed and fixed in Kubetail version 0.14.0.
Potential Impact
An attacker can exploit this vulnerability by tricking a user with an active Kubetail session into visiting a malicious web page, which then opens a WebSocket connection to the Kubetail dashboard and reads sensitive Kubernetes logs in real time. This compromises confidentiality of log data but does not affect integrity or availability. The CVSS 3.1 base score is 6.5 (medium severity), reflecting network attack vector, low complexity, no privileges required, user interaction required, unchanged scope, and high confidentiality impact.
Mitigation Recommendations
Upgrade Kubetail to version 0.14.0 or later, where this vulnerability is fixed by proper Origin header validation on WebSocket connections. No other mitigation is required as the fix is available and addresses the issue directly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-06T18:28:20.887Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a05fd9fec166c07b0f93183
Added to database: 5/14/2026, 4:51:43 PM
Last enriched: 5/14/2026, 5:08:14 PM
Last updated: 5/15/2026, 6:27:44 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.