Sign In

CVE-2026-25518

ADVISORY - github

Summary

Impact

The cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS.

An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller.

The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor.

Patches

The vulnerability was introduced in cert-manager v1.18.0 and has been patched in cert-manager v1.19.3 and v1.18.5, which are the supported minor releases at the time of publishing.

cert-manager versions prior to v1.18.0 are unaffected.

Workarounds

  • Using DNS-over-HTTPS reduces the risk of DNS traffic being intercepted and modified.
    • Note that DNS-over-HTTPS does not prevent the risk of an attacker-controlled authoritative DNS server.

Resources

Credits

Huge thanks to Oleh Konko (@1seal) for reporting the issue, providing a detailed PoC and an initial patch!

EPSS Score: 0.00014 (0.025)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-129

Improper Validation of Array Index

CWE-704

Incorrect Type Conversion or Cast

ADVISORY - github

CWE-129

Improper Validation of Array Index

CWE-704

Incorrect Type Conversion or Cast

ADVISORY - redhat

CWE-1285

Improper Validation of Specified Index, Position, or Offset in Input

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-25518
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-129CWE-704

CVSS SCORE

5.9medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-gx3x-vq4p-mhhv
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-129CWE-704

CVSS SCORE

5.9medium

GoLang

CREATED

UPDATED

ADVISORY IDGO-2026-4399
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-cert-manager-2026-25518

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.9medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2026-25518
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1285

CVSS SCORE

5.9medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-qm3q-p7pc-4f3c

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-334r-v2v4-mvqr

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-4hp9-7xj7-88wj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-fqq8-g4c8-jw99

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-fwx2-p2gv-9gff

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-j5wr-8c7v-693q

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-p3x4-m78v-38fm

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-pr78-2365-c7rh

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-vp93-xx9v-hwqv

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY