Kcp-Dev Kcp vulnerabilities
2 known vulnerabilities affecting kcp-dev/kcp.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2
Vulnerabilities
CVE-2026-39429 | P2 | CRITICAL | CVSS 9.1 | versions >= 0.30.0, < 0.30.3 | fixed in 0.29.3 | 2026-04-08
CVE-2026-39429 [CRITICAL] CWE-302
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnera
Source: NVD
CVE-2025-29922 | P3 | CRITICAL | CVSS 9.6 | fixed in 0.26.3 | 2025-03-20
CVE-2025-29922 [CRITICAL] CWE-285
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By design, this should only be allowed when the workspa
Source: NVD