CVE-2026-29955 - Vulnerability Details

The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://gist.github.com/b0b0haha/f011fdd69adc3ae272a4e3b99af90163
https://github.com/b0b0haha/CVE-2026-29955/blob/main/README.md

History

Mon, 13 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description		The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.
References		https://gist.github.com/b0b0haha/f011fdd69adc3ae272a4e3b99af90163 https://github.com/b0b0haha/CVE-2026-29955/blob/main/README.md

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-13T00:00:00.000Z

Updated: 2026-04-13T17:58:35.361Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-29955

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-13T19:16:39.137

Modified: 2026-04-13T19:16:39.137

Link: CVE-2026-29955

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object