CVE-2026-49478

Public on 2026-07-16
Modified on 2026-07-16
Description
A flaw was found in Fulcio's OpenID Connect (OIDC) Discovery client. This vulnerability allows a remote attacker to perform Server-Side Request Forgery (SSRF) by redirecting discovery requests to internal systems. Additionally, an attacker can manipulate the JSON Web Key Set (JWKS) Uniform Resource Identifier (URI) to poison the verifier cache with malicious keys, enabling the validation of attacker-controlled signatures. Furthermore, the flaw can lead to the leakage of Kubernetes ServiceAccount tokens to third-party hosts through cross-host redirects or misconfigured MetaIssuers, potentially exposing sensitive cluster credentials.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
8.2
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core amazon-cloudwatch-agent Not Affected
Amazon Linux 2023 amazon-cloudwatch-agent Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra amazon-ecr-credential-helper Not Affected
Amazon Linux 2 - Docker Extra amazon-ecr-credential-helper Not Affected
Amazon Linux 2 - Ecs Extra amazon-ecr-credential-helper Not Affected
Amazon Linux 2023 amazon-ecr-credential-helper Not Affected
Amazon Linux 2 - Core amazon-ssm-agent Not Affected
Amazon Linux 2023 amazon-ssm-agent Not Affected
Amazon Linux 2 - Core cni-plugins Not Affected
Amazon Linux 2023 cni-plugins Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd Not Affected
Amazon Linux 2 - Docker Extra containerd Not Affected
Amazon Linux 2 - Ecs Extra containerd Not Affected
Amazon Linux 2023 containerd Not Affected
Amazon Linux 2023 credentials-fetcher Not Affected
Amazon Linux 2 - Core cri-tools Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra docker Not Affected
Amazon Linux 2 - Docker Extra docker Not Affected
Amazon Linux 2 - Ecs Extra docker Not Affected
Amazon Linux 2023 docker Not Affected
Amazon Linux 2 - Ecs Extra ecs-init Not Affected
Amazon Linux 2023 ecs-init Not Affected
Amazon Linux 2023 git-lfs Not Affected
Amazon Linux 2 - Core golang Not Affected
Amazon Linux 2023 golang Not Affected
Amazon Linux 2023 golang-github-burntsushi-toml Not Affected
Amazon Linux 2023 golang-github-burntsushi-toml-test Not Affected
Amazon Linux 2023 golang-github-cpuguy83-md2man Not Affected
Amazon Linux 2 - Core golist Not Affected
Amazon Linux 2023 golist Not Affected
Amazon Linux 2023 libcap Not Affected
Amazon Linux 2 - Core nerdctl Not Affected
Amazon Linux 2023 nerdctl Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra oci-add-hooks Not Affected
Amazon Linux 2 - Docker Extra oci-add-hooks Not Affected
Amazon Linux 2 - Ecs Extra oci-add-hooks Not Affected
Amazon Linux 2023 oci-add-hooks Not Affected
Amazon Linux 2 - Core rclone Not Affected
Amazon Linux 2023 rclone Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra runc Not Affected
Amazon Linux 2 - Docker Extra runc Not Affected
Amazon Linux 2 - Ecs Extra runc Not Affected
Amazon Linux 2023 runc Not Affected
Amazon Linux 2 - Docker Extra runfinch-finch Pending Fix
Amazon Linux 2023 runfinch-finch Pending Fix
Amazon Linux 2 - Docker Extra soci-snapshotter Not Affected
Amazon Linux 2023 soci-snapshotter Not Affected
Amazon Linux 2023 yq Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N