CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Iguazio: >> Nuclio >> 0.3.1 Security Vulnerabilities

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization. This issue has been patched in version 1.15.20.

CVSS Score

8.9

EPSS Score

0.003

Published

2026-03-06

Page 1

Vulnerabilities

Vulnerable Software

Iguazio: >> Nuclio >> 0.3.1 Security Vulnerabilities

Products

Pricing

Contact Us