Cert-Manager vulnerabilities

CVE-2026-25518 [MEDIUM] CWE-129 CVE-2026-25518: cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery

CVE-2024-36537 [HIGH] CWE-284 CVE-2024-36537: Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.