Skip to content

fix: CVE-2026-33186#1077

Merged
andyzhangx merged 1 commit intokubernetes-csi:release-4.13from
andyzhangx:CVE-2026-33186
Mar 23, 2026
Merged

fix: CVE-2026-33186#1077
andyzhangx merged 1 commit intokubernetes-csi:release-4.13from
andyzhangx:CVE-2026-33186

Conversation

@andyzhangx
Copy link
Copy Markdown
Member

@andyzhangx andyzhangx commented Mar 23, 2026

What type of PR is this?
/kind bug

What this PR does / why we need it:
fix: CVE-2026-33186

azurefileplugin (gobinary)
==========================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

┌────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
│        Library         │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                          Title                          │
├────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
│ google.golang.org/grpc │ CVE-2026-33186 │ CRITICAL │ fixed  │ v1.72.0           │ 1.79.3        │ gRPC-Go has an authorization bypass via missing leading │
│                        │                │          │        │                   │               │ slash in :path                                          │
│                        │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-33186              │
└────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

Release note:

none

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. labels Mar 23, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 23, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Mar 23, 2026
@andyzhangx andyzhangx merged commit e8b39b7 into kubernetes-csi:release-4.13 Mar 23, 2026
17 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jingxu97 jingxu97 Awaiting requested review from jingxu97

@xing-yang xing-yang Awaiting requested review from xing-yang

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andyzhangx @k8s-ci-robot