CVE-2026-29955
Published 2026-04-13
Priority: P2 | 65 | high | CVSS 3.1: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.18% (80.1th percentile)
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.
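The following is an added illustration of the pattern the advisory describes, not KubePlus code: a constructed vulnerable builder that splices the caller-controlled `chartName` into a string destined for `Popen(..., shell=True)`, beside a hardened form that allow-lists the value and passes it as a single argv element with no shell. The command shape (`helm show crds <chart>`), the chart-name character policy and the length limit are assumptions for the example; the actual command KubePlus runs is not on this page.

```python
import re
import subprocess
import sys

# Assumed binary and subcommand for the illustration (not taken from KubePlus).
HELM_BIN = "helm"

# Assumed allow-list policy: lower-case alphanumerics, '-' and '.', must start
# and end with an alphanumeric, at most 63 characters.
CHART_NAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?")
MAX_CHART_NAME_LEN = 63


def vulnerable_command_string(chart_name: str) -> str:
    """Shape of the flaw: the user value is concatenated into a string that
    would then be given to subprocess.Popen(..., shell=True).  Returned only,
    never executed here, to show that shell metacharacters pass straight through."""
    return f"{HELM_BIN} show crds {chart_name}"


def is_valid_chart_name(chart_name) -> bool:
    """True only if the value fits the allow-list policy above."""
    return (isinstance(chart_name, str)
            and 0 < len(chart_name) <= MAX_CHART_NAME_LEN
            and CHART_NAME_RE.fullmatch(chart_name) is not None)


def validate_chart_name(chart_name: str) -> str:
    """Reject anything outside the allow-list before it reaches a subprocess."""
    if not is_valid_chart_name(chart_name):
        raise ValueError(f"chartName rejected by allow-list: {chart_name!r}")
    return chart_name


def safe_argv(chart_name: str) -> list:
    """Hardened form: validated value as one argv element; no shell involved."""
    return [HELM_BIN, "show", "crds", validate_chart_name(chart_name)]


def run_helm(chart_name: str) -> subprocess.CompletedProcess:
    """Execute the hardened form. shell=False is the default; stated explicitly."""
    return subprocess.run(safe_argv(chart_name), shell=False,
                          capture_output=True, text=True, check=False)


def argv_roundtrip(value: str) -> str:
    """Demonstrate that without a shell, metacharacters reach the child process
    as literal text: a Python child echoes back exactly the argv[1] it received."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value],
        shell=False, capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one benign chart name, one with a metacharacter.
    for name in ("nginx-ingress", "demo; echo hi"):
        print("shell=True string:", vulnerable_command_string(name))
        try:
            print("hardened argv   :", safe_argv(name))
        except ValueError as exc:
            print("rejected        :", exc)
    print("argv round-trip :", argv_roundtrip("demo; echo hi"))
```

The allow-list check is the primary control; the argv form is the second, independent one, so that even a value that slipped past validation would be handed to the program as an argument rather than parsed by `/bin/sh`. A review of a codebase for this bug class can start by grepping for `shell=True` and tracing whether any request-derived value reaches the command string.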
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudark | kubeplus | <= 4.2.0 | — |
GHSA
GHSA-2m2q-qgx4-j4mp (unreviewed, 2026-04-13) for CVE-2026-29955
VulDB
VulDB, 2026-04-13: CVE-2026-29955 [CRITICAL] KubePlus 4.14 kubeconfiggenerator /registercrd subprocess.Popen chartName command injection
A vulnerability was found in KubePlus 4.14. It has been classified as critical. This impacts the function subprocess.Popen of the file /registercrd of the component kubeconfiggenerator. Performing a manipulation of the argument chartName results in command injection.
This vulnerability is identified as CVE-2026-29955. The attack can only be performed from the local network. There is not any exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.