GHSA-f5mr-q85p-6hh6: Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage
Fulcio versions prior to 1.8.6 contain multiple vulnerabilities in the OIDC Discovery client, including blind SSRF via cross-host redirects, JWKS substitution leading to cache poisoning, and leakage of Kubernetes ServiceAccount tokens to unauthorized hosts. These issues arise from improper handling of HTTP redirects and token attachment during OIDC metadata discovery. The vulnerabilities allow attackers to redirect discovery requests to internal systems, poison verification key caches, and leak sensitive tokens. The issues have been addressed in version 1.8.6 by blocking cross-host redirects, restricting token injection to exact host matches, and limiting local token loading to the Kubernetes API server URL.
AI Analysis
Technical Summary
Three security vulnerabilities were identified in Fulcio's OIDC Discovery client prior to version 1.8.6: (1) Blind SSRF via cross-host HTTP redirects during OIDC discovery metadata fetching, allowing attackers to redirect requests to internal-only systems; (2) JWKS substitution and cache poisoning by manipulating the discovery flow to return malicious jwks_uri values, poisoning the verifier cache with attacker keys; (3) Kubernetes ServiceAccount token leakage due to the token being attached globally to outbound requests, including those redirected to or targeting external hosts, especially when wildcard MetaIssuers of type kubernetes were configured. The vulnerabilities were mitigated by blocking cross-host redirects, restricting token injection to exact host matches, and constraining local token loading to the local Kubernetes API server URL. Users must upgrade to version 1.8.6 to remediate these issues.
Potential Impact
Successful exploitation can lead to blind server-side request forgery (SSRF) allowing attackers to make internal network requests via Fulcio, poisoning of the JWKS verifier cache enabling acceptance of attacker-signed tokens, and leakage of Kubernetes ServiceAccount tokens to unauthorized external hosts. This can compromise the integrity of token verification and expose sensitive credentials, potentially impacting confidentiality and integrity of systems relying on Fulcio for OIDC authentication.
Mitigation Recommendations
Upgrade to Fulcio version 1.8.6 or later, which includes fixes that block cross-host redirects during OIDC discovery, restrict ServiceAccount token injection to exact issuer hosts, and limit local token loading to the Kubernetes API server URL. No workarounds are available; applying the official patch is required to mitigate these vulnerabilities.
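As an added illustration that is not Fulcio's own code, the Go sketch below applies the three hardening rules the fix describes to an OIDC discovery client: a CheckRedirect hook that refuses redirects leaving the original scheme and host, a transport that attaches the ServiceAccount token only on an exact issuer-host match (never on a wildcard or prefix match), and a guard that reads the pod's mounted token only for the local API server URL. The issuer URL, the TOKEN placeholder and all function names are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// checkRedirect refuses redirects that leave the original scheme and host:port (illustrative, not Fulcio's code).
func checkRedirect(req *http.Request, via []*http.Request) error {
	if len(via) >= 10 {
		return fmt.Errorf("stopped after %d redirects", len(via))
	}
	first := via[0].URL // via is never empty when Go invokes this hook
	if req.URL.Scheme != first.Scheme || req.URL.Host != first.Host {
		return fmt.Errorf("refusing cross-host redirect from %s to %s", first.Host, req.URL.Host)
	}
	return nil
}

// attachToken allows a ServiceAccount token only over https and only on an
// exact host:port match with the issuer, never on a wildcard or prefix match.
func attachToken(issuer, target string) bool {
	iu, err1 := url.Parse(issuer)
	tu, err2 := url.Parse(target)
	return err1 == nil && err2 == nil && tu.Scheme == "https" && iu.Host == tu.Host
}

func loadLocalToken(issuer, apiServer string) bool { return issuer == apiServer } // mounted token only for the local API server

// tokenTransport drops any inherited Authorization header and re-decides per
// request, so a redirected request to another host goes out without the token.
type tokenTransport struct {
	issuer, token string
	base          http.RoundTripper
}

func (t *tokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context())
	r.Header.Del("Authorization")
	if attachToken(t.issuer, r.URL.String()) {
		r.Header.Set("Authorization", "Bearer "+t.token)
	}
	return t.base.RoundTrip(r)
}

func main() { // TOKEN is a placeholder; the issuer URL is an assumed in-cluster API server address
	c := &http.Client{CheckRedirect: checkRedirect, Transport: &tokenTransport{"https://kubernetes.default.svc", "TOKEN", http.DefaultTransport}}
	fmt.Println("client ready:", c.Transport != nil, "token to foreign host:", attachToken("https://kubernetes.default.svc", "https://other.example/jwks"))
}
```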
Technical Details
- GCVE source: db.gcve.eu
- OSV ID: GHSA-f5mr-q85p-6hh6
- OSV schema version: 1.4.0
- Aliases: CVE-2026-49478
- Ecosystems: Go
- Database-specific severity: HIGH
- CVSS version: 3.1
Threat ID: 6a4452e227e9c797198e1189
Added to database: 06/30/2026, 23:36:02 UTC
Last enriched: 06/30/2026, 23:47:40 UTC
Last updated: 07/01/2026, 03:32:15 UTC