CVE-2026-49478
Public on 2026-07-16
Modified on 2026-07-16
Description
A flaw was found in Fulcio's OpenID Connect (OIDC) Discovery client. This vulnerability allows a remote attacker to perform Server-Side Request Forgery (SSRF) by redirecting discovery requests to internal systems. Additionally, an attacker can manipulate the JSON Web Key Set (JWKS) Uniform Resource Identifier (URI) to poison the verifier cache with malicious keys, enabling the validation of attacker-controlled signatures. Furthermore, the flaw can lead to the leakage of Kubernetes ServiceAccount tokens to third-party hosts through cross-host redirects or misconfigured MetaIssuers, potentially exposing sensitive cluster credentials.
Severity
See what this means
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | amazon-cloudwatch-agent | Not Affected | ||
| Amazon Linux 2023 | amazon-cloudwatch-agent | Not Affected | ||
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | amazon-ecr-credential-helper | Not Affected | ||
| Amazon Linux 2 - Docker Extra | amazon-ecr-credential-helper | Not Affected | ||
| Amazon Linux 2 - Ecs Extra | amazon-ecr-credential-helper | Not Affected | ||
| Amazon Linux 2023 | amazon-ecr-credential-helper | Not Affected | ||
| Amazon Linux 2 - Core | amazon-ssm-agent | Not Affected | ||
| Amazon Linux 2023 | amazon-ssm-agent | Not Affected | ||
| Amazon Linux 2 - Core | cni-plugins | Not Affected | ||
| Amazon Linux 2023 | cni-plugins | Not Affected | ||
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | Not Affected | ||
| Amazon Linux 2 - Docker Extra | containerd | Not Affected | ||
| Amazon Linux 2 - Ecs Extra | containerd | Not Affected | ||
| Amazon Linux 2023 | containerd | Not Affected | ||
| Amazon Linux 2023 | credentials-fetcher | Not Affected | ||
| Amazon Linux 2 - Core | cri-tools | Not Affected | ||
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | Not Affected | ||
| Amazon Linux 2 - Docker Extra | docker | Not Affected | ||
| Amazon Linux 2 - Ecs Extra | docker | Not Affected | ||
| Amazon Linux 2023 | docker | Not Affected | ||
| Amazon Linux 2 - Ecs Extra | ecs-init | Not Affected | ||
| Amazon Linux 2023 | ecs-init | Not Affected | ||
| Amazon Linux 2023 | git-lfs | Not Affected | ||
| Amazon Linux 2 - Core | golang | Not Affected | ||
| Amazon Linux 2023 | golang | Not Affected | ||
| Amazon Linux 2023 | golang-github-burntsushi-toml | Not Affected | ||
| Amazon Linux 2023 | golang-github-burntsushi-toml-test | Not Affected | ||
| Amazon Linux 2023 | golang-github-cpuguy83-md2man | Not Affected | ||
| Amazon Linux 2 - Core | golist | Not Affected | ||
| Amazon Linux 2023 | golist | Not Affected | ||
| Amazon Linux 2023 | libcap | Not Affected | ||
| Amazon Linux 2 - Core | nerdctl | Not Affected | ||
| Amazon Linux 2023 | nerdctl | Not Affected | ||
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | oci-add-hooks | Not Affected | ||
| Amazon Linux 2 - Docker Extra | oci-add-hooks | Not Affected | ||
| Amazon Linux 2 - Ecs Extra | oci-add-hooks | Not Affected | ||
| Amazon Linux 2023 | oci-add-hooks | Not Affected | ||
| Amazon Linux 2 - Core | rclone | Not Affected | ||
| Amazon Linux 2023 | rclone | Not Affected | ||
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | runc | Not Affected | ||
| Amazon Linux 2 - Docker Extra | runc | Not Affected | ||
| Amazon Linux 2 - Ecs Extra | runc | Not Affected | ||
| Amazon Linux 2023 | runc | Not Affected | ||
| Amazon Linux 2 - Docker Extra | runfinch-finch | Pending Fix | ||
| Amazon Linux 2023 | runfinch-finch | Pending Fix | ||
| Amazon Linux 2 - Docker Extra | soci-snapshotter | Not Affected | ||
| Amazon Linux 2023 | soci-snapshotter | Not Affected | ||
| Amazon Linux 2023 | yq | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.2 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N |