Primary

Context

Microsoft Azure Kubernetes Service Path Traversal Vulnerability Leading to Remote Code Execution

Vulnerability

Patched

A path traversal vulnerability has been identified in Microsoft Azure Kubernetes Service (AKS), allowing an authorized attacker to execute code locally. This issue arises from improper restrictions on pathnames, enabling exploitation by breaking out of a container and gaining control of the AKS worker node.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the AKS worker node, allowing an attacker to gain control over the node.

Remediation

Users can download the security update for Azure Kubernetes Service from the Microsoft GitHub repository for Agent Baker, specifically version v0.20260213.5.

Added: Jun 9, 2026, 8:49 PM

Updated: Jun 9, 2026, 8:49 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Azure Kubernetes Service Path Traversal Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Azure Kubernetes Service

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating