Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-25518
Awaiting Analysis
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-04 Feb, 2026 | 22:15
Updated At-05 Feb, 2026 | 14:57

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in denial‑of‑service (DoS) of the cert-manager controller. The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor. This issue has been patched in versions 1.18.5 and 1.19.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-129Primarysecurity-advisories@github.com
CWE-704Primarysecurity-advisories@github.com
CWE ID: CWE-129
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-704
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2ccsecurity-advisories@github.com
N/A
https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327dsecurity-advisories@github.com
N/A
https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2security-advisories@github.com
N/A
https://github.com/cert-manager/cert-manager/pull/8467security-advisories@github.com
N/A
https://github.com/cert-manager/cert-manager/pull/8468security-advisories@github.com
N/A
https://github.com/cert-manager/cert-manager/pull/8469security-advisories@github.com
N/A
https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhvsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/cert-manager/cert-manager/pull/8467
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/cert-manager/cert-manager/pull/8468
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/cert-manager/cert-manager/pull/8469
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv
Source: security-advisories@github.com
Resource: N/A
Change History
0Changes found
Details not found