Volerion logoVolerion
Volerion logoVolerion

NeuVector Command Injection Vulnerability in Enforcer Component

Vulnerability

A command injection vulnerability has been identified in NeuVector's enforcer component, specifically in versions 5.3.0 through 5.4.6. The issue arises because the enforcer uses the environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to create commands executed via the popen function, without properly sanitizing these values. This vulnerability allows a malicious user to inject harmful commands through the environment variables within the enforcer container.

Impact

Exploitation of this vulnerability allows for command injection, where an attacker can execute arbitrary commands within the enforcer container. Additionally, this vulnerability could lead to a buffer overflow.

Remediation

Users are advised to upgrade to NeuVector version 5.4.7 or 5.3.5, both of which contain the necessary patch. In the patched versions, the monitor process validates the port numbers in the environment variables before executing commands, preventing the injection of malicious commands. There is no workaround available for this vulnerability.

Added: Oct 30, 2025, 10:21 AM
Updated: Oct 30, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm
spread
1.4
impact
10.0
exploitability
4.9
remediation
7.7
relevance
0.8
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.