CVE Catalog

CVE-2026-32193

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile - higher than 21% of all known CVEs

Summary

Microsoft Azure Kubernetes Service has an improper limitation of a pathname to a restricted directory, leading to a 'path traversal' vulnerability. This allows an authorized attacker to execute code locally.

Risk Assessment

An attacker with appropriate permissions can exploit this vulnerability to run unauthorized code, potentially leading to serious security breaches in the system.

Recommendation

It is recommended to update Microsoft Azure Kubernetes Service to the latest version and implement additional security measures to mitigate the risk of 'path traversal' attacks.

Original NVD description (English source)

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS