Threats Tagged 'cve-2026-54495'
View all threats tagged with 'cve-2026-54495'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-54495'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-398h-7f66-3h4p: open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clustersCVE-2026-54495 0 The open-feature-operator allows cross-namespace referencing of FeatureFlagSource and InProcessConfiguration resources via a documented annotation syntax. On multi-tenant Kubernetes clusters that treat namespaces as trust boundaries, this can lead to tenant-to-tenant disclosure of sensitive spec contents such as inline environment variables, bearer tokens, and sync URIs. This behavior is intentional and documented, with the operator having cluster-wide RBAC scope. The vulnerability does not affect single-tenant clusters. Mitigations include avoiding plaintext secrets in CR spec fields and restricting create permissions via RBAC. A future release plans to remove implicit cross-namespace resolution by introducing cluster-scoped CRDs. Join the discussion | GCVE Database | 07/15/2026, 22:44:48 UTC Added: 07/16/2026, 10:35:48 UTC |
Showing 1 to 1 of 1 result