Severity
5.9 MEDIUM (NVD)
EPSS
0.0%
top 95.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 4
Latest update: Feb 19

Description

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the c

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (3 packages)

NVD | cert-manager/cert-manager | 1.18.0 | 1.18.5 | +1
Go | github.com/cert-manager_cert-manager | 1.18.0 | 1.18.5 | +1
CVEListV5 | cert-manager/cert-manager | >= 1.18.0, < 1.18.5, >= 1.19.0, < 1.19.3 | +1

Patches

🔴 Vulnerability Details (3)

OSV: DoS in cert-manager-controller via Specially Crafted DNS Response in github.com/cert-manager/cert-manager (2026-02-19)
OSV: cert-manager-controller DoS via Specially Crafted DNS Response (2026-02-02)
GHSA: cert-manager-controller DoS via Specially Crafted DNS Response (2026-02-02)

📋 Vendor Advisories (1)

Red Hat: github.com/cert-manager/cert-manager: cert-manager: Denial of Service via crafted DNS entry (2026-02-04)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-25518 Impact, Exploitability, and Mitigation Steps | Wiz