VIR Vulnerability Intelligence Relay

CVE-2026-44514

medium
Published 2026-05-14 · Modified 2026-05-14
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS v2
VIR risk
6.5

Description

Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact
EcosystemPackageVulnerableFixed
golang Gogithub.com/kubetail-org/kubetail/modules/dashboard<0.14.00.14.0
golang Gogithub.com/kubetail-org/kubetail/modules/cli<0.16.00.16.0
golang GOgithub.com/kubetail-org/kubetail/modules/cli< 0.16.00.16.0
golang GOgithub.com/kubetail-org/kubetail/modules/dashboard< 0.14.00.14.0

References

CWEs

CWE-1385

Verify integrity in audit chain (admin only). AS-IS.