CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-39429

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.7%

CVSS Severity

CVSS v3 Score 8.2

References

https://github.com/kcp-dev/kcp/releases/tag/v0.29.3
https://github.com/kcp-dev/kcp/releases/tag/v0.30.3
https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p

Products affected by CVE-2026-39429

Kcp » Kcp » Version: Any

cpe:2.3:a:kcp:kcp:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39429

Products

Pricing

Contact Us