CVE-2026-25518

MEDIUM EPSS 26.8%
Published Feb 4, 20264mo ago · Modified Jun 17, 20261w ago
5.9 CVSS 3.1
Medium
Find Similar
Published Feb 4, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in denial‑of‑service (DoS) of the cert-manager controller. The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor. This issue has been patched in versions 1.18.5 and 1.19.3.

CVSS Details

Base Score
5.9
Exploitability
2.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
26.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-129
CWE-704

Affected Products 2

VendorProductVersionRange
cert-managercert-manager*≥1.18.0  –  <1.18.5
cert-managercert-manager*≥1.19.0  –  <1.19.3

References 7

  • github.com https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc
    Patch
  • github.com https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d
    Patch
  • github.com https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2
    Patch
  • github.com https://github.com/cert-manager/cert-manager/pull/8467
    Issue TrackingPatch
  • github.com https://github.com/cert-manager/cert-manager/pull/8468
    Issue TrackingPatch
  • github.com https://github.com/cert-manager/cert-manager/pull/8469
    Issue TrackingPatch
  • github.com https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv
    MitigationPatchVendor Advisory

Remediation

  • github.com https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc
    Patch
  • github.com https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d
    Patch
  • github.com https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2
    Patch
  • github.com https://github.com/cert-manager/cert-manager/pull/8467
    Issue TrackingPatch
  • github.com https://github.com/cert-manager/cert-manager/pull/8468
    Issue TrackingPatch
  • github.com https://github.com/cert-manager/cert-manager/pull/8469
    Issue TrackingPatch
  • github.com https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv
    MitigationPatchVendor Advisory