Vulnerability-Lookup

CVE-2026-39429 (GCVE-0-2026-39429)

Vulnerability from cvelistv5 – Published: 2026-04-08 20:16 – Updated: 2026-04-10 20:49

Title

kcp's cache server is accessible without authentication or authorization checks

Summary

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-862 - Missing Authorization
CWE-302 - Authentication Bypass by Assumed-Immutable Data

Assigner

GitHub_M

References

URL

Tags

	https://github.com/kcp-dev/kcp/security/advisorie…	x_refsource_CONFIRM
	https://github.com/kcp-dev/kcp/releases/tag/v0.29.3	x_refsource_MISC
	https://github.com/kcp-dev/kcp/releases/tag/v0.30.3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kcp-dev	kcp	Affected: >= 0.30.0, < 0.30.3 Affected: < 0.29.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-39429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T20:49:20.729406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T20:49:31.041Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kcp",
          "vendor": "kcp-dev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.30.0, \u003c 0.30.3"
            },
            {
              "status": "affected",
              "version": "\u003c 0.29.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T20:16:04.015Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p"
        },
        {
          "name": "https://github.com/kcp-dev/kcp/releases/tag/v0.29.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kcp-dev/kcp/releases/tag/v0.29.3"
        },
        {
          "name": "https://github.com/kcp-dev/kcp/releases/tag/v0.30.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kcp-dev/kcp/releases/tag/v0.30.3"
        }
      ],
      "source": {
        "advisory": "GHSA-3j3q-wp9x-585p",
        "discovery": "UNKNOWN"
      },
      "title": "kcp\u0027s cache server is accessible without authentication or authorization checks"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-39429",
    "datePublished": "2026-04-08T20:16:04.015Z",
    "dateReserved": "2026-04-07T00:23:30.596Z",
    "dateUpdated": "2026-04-10T20:49:31.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-39429\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-08T21:16:59.313\",\"lastModified\":\"2026-04-08T21:26:13.410\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-302\"},{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://github.com/kcp-dev/kcp/releases/tag/v0.29.3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/kcp-dev/kcp/releases/tag/v0.30.3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-39429\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-10T20:49:20.729406Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-10T20:49:27.033Z\"}}], \"cna\": {\"title\": \"kcp\u0027s cache server is accessible without authentication or authorization checks\", \"source\": {\"advisory\": \"GHSA-3j3q-wp9x-585p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"kcp-dev\", \"product\": \"kcp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.30.0, \u003c 0.30.3\"}, {\"status\": \"affected\", \"version\": \"\u003c 0.29.3\"}]}], \"references\": [{\"url\": \"https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p\", \"name\": \"https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/kcp-dev/kcp/releases/tag/v0.29.3\", \"name\": \"https://github.com/kcp-dev/kcp/releases/tag/v0.29.3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/kcp-dev/kcp/releases/tag/v0.30.3\", \"name\": \"https://github.com/kcp-dev/kcp/releases/tag/v0.30.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-302\", \"description\": \"CWE-302: Authentication Bypass by Assumed-Immutable Data\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-08T20:16:04.015Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-39429\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-10T20:49:31.041Z\", \"dateReserved\": \"2026-04-07T00:23:30.596Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-08T20:16:04.015Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-39429

Vulnerability from fkie_nvd - Published: 2026-04-08 21:16 - Updated: 2026-04-08 21:26

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/kcp-dev/kcp/releases/tag/v0.29.3
	security-advisories@github.com	https://github.com/kcp-dev/kcp/releases/tag/v0.30.3
	security-advisories@github.com	https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3."
    }
  ],
  "id": "CVE-2026-39429",
  "lastModified": "2026-04-08T21:26:13.410",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-08T21:16:59.313",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/kcp-dev/kcp/releases/tag/v0.29.3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/kcp-dev/kcp/releases/tag/v0.30.3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-302"
        },
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-3J3Q-WP9X-585P

Vulnerability from github – Published: 2026-04-08 15:04 – Updated: 2026-04-09 14:28

Summary

kcp's cache server is accessible without authentication or authorization checks

Details

Summary

The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server.

Details

The cache server is routed in the pre-mux chain in the shard code. The preHandlerChainMux is handled before any authn/authz in the cache server: https://github.com/kcp-dev/kcp/blob/aaf93d59cbcd0cefb70d94bd8959ce390547c4a2/pkg/server/config.go#L514-L518

This results in the cache server being proxied before any authn/authz in the handler chain takes place.

Attack Vectors

1. Unauthenticated Read Access (Primary)

An attacker can read all replicated resources from the cache without any credentials. This exposes:

Category	Resources	Severity	Reason
RBAC	clusterroles, clusterrolebindings (filtered by annotation)	High	Only subset with `internal.kcp.io/replicate` annotation: access rules, APIExport bind/content rules, WorkspaceType use rules. Reveals permission structure for API access and tenancy. Roles/RoleBindings NOT replicated.
Infrastructure	logicalclusters, shards	High	Reveals full cluster topology and shard configuration
API surface	apiexports, apiexportendpointslices, apiresourceschemas	High	Reveals all exported APIs and their network endpoints
Admission control	mutatingwebhookconfigurations, validatingwebhookconfigurations, validatingadmissionpolicies	High	Reveals admission policies, aids bypass
Tenancy	workspacetypes	Medium	Reveals workspace structure
Cache metadata	cachedobjects, cachedresources, cachedresourceendpointslices	Medium	Exposes cache state and resource endpoints

2. Write Access with Race Condition (Secondary)

The cache server allows full CRUD operations. While injected objects are cleaned up by the replication controller, a race condition exists that could allow temporary privilege escalation.

The race window:

Attacker POSTs a malicious ClusterRole + ClusterRoleBinding to the cache server
Cache etcd watch fires and notifies two consumers in parallel: 2.1. The authorization informer (CacheKubeSharedInformerFactory) updates its in-memory store — the GlobalAuthorizer and WorkspaceContentAuthorizer now see the injected RBAC rules 2.2. The replication controller's informer enqueues a reconcile to its workqueue
Replication controller worker dequeues, calls getLocalCopy() → not found, deletes the object

Between steps 2 and 3, any API request hitting the GlobalAuthorizer (global_authorizer.go:89-101) would evaluate RBAC against a store that includes the attacker's injected rules. The authorization informer and the replication controller share the same CacheKubeSharedInformerFactory (config.go:361), so the object is visible to authorization as soon as the informer cache updates — before the replication controller can process and delete it.

Practical exploitability is low — the window is sub-second, requiring the attacker to fire the privileged API request with precise timing. However, it could be automated in a tight loop. The workqueue rate limiter could also widen the window under load.

Self-healing mechanism: The replication controller acts as a self-healing mechanism. Objects injected into the cache are deleted almost instantly because:

Creating an object in cache triggers the cache informer Replication controller reconciles, calls getLocalCopy() → not found Controller calls deleteObject() on the cache copy (replication_reconcile.go:157-168)

Replicatable

Start a kcp root shard and query the cache server, e.g. with:

curl --insecure 'https://root.vespucci.genericcontrolplane.io:6443/services/cache/shards/root/clusters/root/apis/apis.kcp.io/v1alpha1'

Workarounds

Network-level access control: Restrict access to /services/cache/* paths at the load balancer, reverse proxy, or firewall level. External cache server: Deploy the cache server separately with its own kubeconfig (--cache-server-kubeconfig) and restrict network access to it.

Impact

Who is affected: Any kcp deployment where the root shard is network-reachable by untrusted clients. This applies when:

Helm chart deployments: Affected if the shard's Service or Ingress exposes port 6443 externally.
Operator deployments: Affected if the Shard resource has spec.externalURL set (or spec.baseURL — externalURL defaults to baseURL if unset). When a shard has an external URL, clients route to it directly, exposing the /services/cache/* path.
Any deployment method: If the root shard's --shard-external-url is set and reachable from untrusted networks, the cache server is exposed.

Not affected: Deployments where the root shard is behind a front-proxy and is not directly reachable. The front-proxy does not forward /services/cache/* requests.

Write persistence: The replication controller watches the cache informer and acts as a self-healing mechanism. Objects injected into the cache are deleted almost instantly (sub-second) because:

Creating an object in cache triggers the cache informer
Replication controller reconciles, calls getLocalCopy() → not found
Controller calls deleteObject() on the cache copy (replication_reconcile.go:157-168)

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kcp-dev/kcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.30.0"
            },
            {
              "fixed": "0.30.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kcp-dev/kcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.29.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-39429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-302",
      "CWE-306",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-08T15:04:22Z",
    "nvd_published_at": "2026-04-08T21:16:59Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe cache server is directly exposed by the root shard and has no authentication or authorization in place.\nThis allows anyone who can access the root shard to read and write to the cache server.\n\n### Details\n\nThe cache server is routed in the pre-mux chain in the shard code. \nThe preHandlerChainMux is handled before any authn/authz in the cache server: \nhttps://github.com/kcp-dev/kcp/blob/aaf93d59cbcd0cefb70d94bd8959ce390547c4a2/pkg/server/config.go#L514-L518\n\nThis results in the cache server being proxied before any authn/authz in the handler chain takes place.\n\n### Attack Vectors\n\n#### 1. Unauthenticated Read Access (Primary)\nAn attacker can read all replicated resources from the cache without any credentials. This exposes:\n\n| Category | Resources | Severity | Reason |\n|---|---|---|---|\n| RBAC | clusterroles, clusterrolebindings (filtered by annotation) | High | Only subset with `internal.kcp.io/replicate` annotation: access rules, APIExport bind/content rules, WorkspaceType use rules. Reveals permission structure for API access and tenancy. Roles/RoleBindings NOT replicated. |\n| Infrastructure | logicalclusters, shards | High | Reveals full cluster topology and shard configuration |\n| API surface | apiexports, apiexportendpointslices, apiresourceschemas | High | Reveals all exported APIs and their network endpoints |\n| Admission control | mutatingwebhookconfigurations, validatingwebhookconfigurations, validatingadmissionpolicies | High | Reveals admission policies, aids bypass |\n| Tenancy | workspacetypes | Medium | Reveals workspace structure |\n| Cache metadata | cachedobjects, cachedresources, cachedresourceendpointslices | Medium | Exposes cache state and resource endpoints |\n\n#### 2. Write Access with Race Condition (Secondary)\nThe cache server allows full CRUD operations. While injected objects are cleaned up by the replication controller, a race condition exists that could allow temporary privilege escalation.\n\n#### The race window:\n\n1. Attacker POSTs a malicious ClusterRole + ClusterRoleBinding to the cache server\n2. Cache etcd watch fires and notifies two consumers in parallel:\n2.1. The authorization informer (CacheKubeSharedInformerFactory) updates its in-memory store \u2014 the GlobalAuthorizer and WorkspaceContentAuthorizer now see the injected RBAC rules\n2.2. The replication controller\u0027s informer enqueues a reconcile to its workqueue\n3. Replication controller worker dequeues, calls getLocalCopy() \u2192 not found, deletes the object\n\nBetween steps 2 and 3, any API request hitting the GlobalAuthorizer ([global_authorizer.go:89-101](https://github.com/kcp-dev/kcp/blob/aaf93d59c/pkg/authorization/global_authorizer.go#L89-L101)) would evaluate RBAC against a store that includes the attacker\u0027s injected rules. The authorization informer and the replication controller share the same CacheKubeSharedInformerFactory ([config.go:361](https://github.com/kcp-dev/kcp/blob/aaf93d59c/pkg/server/config.go#L361)), so the object is visible to authorization as soon as the informer cache updates \u2014 before the replication controller can process and delete it.\n\n**Practical exploitability is low** \u2014 the window is sub-second, requiring the attacker to fire the privileged API request with precise timing. However, it could be automated in a tight loop. The workqueue rate limiter could also widen the window under load.\n\n**Self-healing mechanism:** The replication controller acts as a self-healing mechanism. Objects injected into the cache are deleted almost instantly because:\n\nCreating an object in cache triggers the cache informer\nReplication controller reconciles, calls getLocalCopy() \u2192 not found\nController calls deleteObject() on the cache copy ([replication_reconcile.go:157-168](https://github.com/kcp-dev/kcp/blob/aaf93d59c/pkg/reconciler/cache/replication/replication_reconcile.go#L157-L168))\n\n### Replicatable \n\nStart a kcp root shard and query the cache server, e.g. with:\n\n```sh\ncurl --insecure \u0027https://root.vespucci.genericcontrolplane.io:6443/services/cache/shards/root/clusters/root/apis/apis.kcp.io/v1alpha1\u0027\n```\n\n### Workarounds\n\nNetwork-level access control: Restrict access to /services/cache/* paths at the load balancer, reverse proxy, or firewall level.\nExternal cache server: Deploy the cache server separately with its own kubeconfig (--cache-server-kubeconfig) and restrict network access to it.\n\n### Impact\n\nWho is affected: Any kcp deployment where the root shard is network-reachable by untrusted clients. This applies when:\n\n- **Helm chart deployments:** Affected if the shard\u0027s Service or Ingress exposes port 6443 externally.\n- **Operator deployments:** Affected if the Shard resource has spec.externalURL set (or spec.baseURL \u2014 externalURL defaults to baseURL if unset). When a shard has an external URL, clients route to it directly, exposing the /services/cache/* path.\n- **Any deployment method:** If the root shard\u0027s --shard-external-url is set and reachable from untrusted networks, the cache server is exposed.\n\n**Not affected:** Deployments where the root shard is behind a front-proxy and is not directly reachable. The front-proxy does not forward /services/cache/* requests.\n\n**Write persistence:** The replication controller watches the cache informer and acts as a self-healing mechanism. Objects injected into the cache are deleted almost instantly (sub-second) because:\n\n- Creating an object in cache triggers the cache informer\n- Replication controller reconciles, calls getLocalCopy() \u2192 not found\n- Controller calls deleteObject() on the cache copy ([replication_reconcile.go:157-168](https://github.com/kcp-dev/kcp/blob/aaf93d59c/pkg/reconciler/cache/replication/replication_reconcile.go#L157-L168))",
  "id": "GHSA-3j3q-wp9x-585p",
  "modified": "2026-04-09T14:28:52Z",
  "published": "2026-04-08T15:04:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39429"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kcp-dev/kcp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kcp-dev/kcp/releases/tag/v0.29.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kcp-dev/kcp/releases/tag/v0.30.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "kcp\u0027s cache server is accessible without authentication or authorization checks"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-39429 (GCVE-0-2026-39429)

FKIE_CVE-2026-39429

GHSA-3J3Q-WP9X-585P

Summary

Details

Attack Vectors

1. Unauthenticated Read Access (Primary)

2. Write Access with Race Condition (Secondary)

The race window:

Replicatable

Workarounds

Impact

Tags

Sightings

Nomenclature