CVE-2026-24005

Published: Feb 25, 2026Modified: Mar 5, 2026

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Exploitability: 2.8 / Impact: 4.7

Source: NVD

Description

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with PodProbeMarker creation permission can specify arbitrary Host values to trigger SSRF from the node, perform port scanning, and receive response feedback through NodePodProbe status messages. Versions 1.8.3 and 1.7.5 patch the issue.

Affected (2)

Products: Openkruise: Kruise

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openkruise Kruise	Before 1.7.5
Openkruise Kruise	From 1.8.0 to 1.8.3

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/openkruise/kruise/commit/94364b76adf3e8a1749a31afe809a163bed29613

Source: security-advisories@github.com

Patch

https://github.com/openkruise/kruise/releases/tag/v1.7.5

Source: security-advisories@github.com

ProductRelease Notes

https://github.com/openkruise/kruise/releases/tag/v1.8.3

Source: security-advisories@github.com

ProductRelease Notes

https://github.com/openkruise/kruise/security/advisories/GHSA-9fj4-3849-rv9g

Source: security-advisories@github.com

ExploitMitigationVendor Advisory

Timeline

No history available yet.