CVE-2026-27173

Kubernetes · Executors

A security flaw in Kubernetes Executors exposes worker JWT tokens to users who have only read-only access to Pods.

Executive summary

An information disclosure vulnerability in Kubernetes Executors may allow unauthorized access to sensitive JWT tokens, leading to potential privilege escalation.

Vulnerability

This vulnerability involves the improper handling of JSON Web Tokens (JWT) used by workers, which are inadvertently exposed to users possessing only read-only access to Kubernetes Pods. This allows authenticated users with limited privileges to gain unauthorized access to credentials intended for worker processes.

Business impact

The exposure of JWT tokens significantly lowers the barrier for privilege escalation and unauthorized API access within the cluster. With a CVSS score of 8.7, this is a High-severity risk that could result in the total compromise of containerized workloads or unauthorized access to sensitive cluster management functions.

Remediation

Immediate Action: Audit current Kubernetes configurations and apply vendor-supplied security patches to the affected Executor components as soon as they are made available.

Proactive Monitoring: Review Kubernetes audit logs for suspicious activity involving the use of leaked worker tokens or unauthorized attempts to access sensitive Pod information.

Compensating Controls: Enforce the principle of least privilege using RBAC policies to further restrict access to Pod information, reducing the window of opportunity for token harvesting.
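As an added example, not part of this advisory, the following Python check works through the audit-log review described above: it reads Kubernetes audit events (audit.k8s.io/v1, one JSON object per line as the apiserver log backend writes them), flags successful Pod reads in the worker namespace by subjects that are not expected to read them, records RBAC-denied attempts, and singles out subjects whose reads cover enough Pods to look like token harvesting. The namespace "executors", the controller service-account name, the threshold and every event are assumptions constructed for the demonstration.

```python
import json
from collections import defaultdict

# Subjects expected to read worker Pods (assumed names; adjust to your cluster).
EXPECTED_POD_READERS = {"system:serviceaccount:executors:executor-controller"}
POD_READ_VERBS = {"get", "list", "watch"}
HARVEST_THRESHOLD = 3  # distinct worker Pods read by one subject before flagging

def _event(user, verb, namespace, name, code=200):
    """Build a minimal audit.k8s.io/v1 Event line (constructed sample data)."""
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1",
        "stage": "ResponseComplete", "verb": verb, "user": {"username": user},
        "objectRef": {"resource": "pods", "namespace": namespace, "name": name},
        "responseStatus": {"code": code}})

# Constructed audit log: one JSON event per line, as the apiserver's log backend writes them.
SAMPLE_AUDIT_LOG = "\n".join([
    _event("system:serviceaccount:executors:executor-controller", "get", "executors", "worker-1"),
    _event("alice@example.com", "get", "executors", "worker-1"),
    _event("alice@example.com", "get", "executors", "worker-2"),
    _event("alice@example.com", "get", "executors", "worker-3"),
    _event("alice@example.com", "list", "executors", ""),
    _event("bob@example.com", "get", "executors", "worker-1", code=403),
    _event("carol@example.com", "get", "default", "web-0"),
])

def find_pod_read_anomalies(audit_log, worker_namespace="executors"):
    """Return (unexpected_reads, denied_attempts, harvesters) for Pod reads in the worker namespace."""
    unexpected, denied, pods_seen = [], [], defaultdict(set)
    for line in audit_log.splitlines():
        e = json.loads(line)
        ref = e.get("objectRef", {})
        if (e.get("stage") != "ResponseComplete" or e.get("verb") not in POD_READ_VERBS
                or ref.get("resource") != "pods" or ref.get("namespace") != worker_namespace):
            continue
        user, pod = e["user"]["username"], ref.get("name") or "*"  # list/watch carry no name
        if e.get("responseStatus", {}).get("code", 0) >= 400:
            denied.append((user, e["verb"], pod))  # RBAC blocked it, but the attempt is notable
            continue
        if user in EXPECTED_POD_READERS:
            continue
        unexpected.append((user, e["verb"], pod))
        pods_seen[user].add(pod)
    # A list/watch ("*") returns every Pod spec in one call; many single gets add up the same way.
    harvesters = sorted(u for u, p in pods_seen.items() if "*" in p or len(p) >= HARVEST_THRESHOLD)
    return unexpected, denied, harvesters
```

Reads outside the worker namespace and reads by the expected controller are ignored, so on a real log the expected-reader set and namespace are the tuning knobs.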

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a critical failure in credential isolation within the Kubernetes ecosystem. Administrators should prioritize identifying vulnerable Executor instances and applying updates immediately to prevent unauthorized cluster-wide access.