github.com/projectcalico/calico/v3
Go3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/projectcalico/calico/v3page 1 of 1
- CVE-2024-33522MEDIUMCVSS 6.7EG 6.72024-04-29
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges b…
- CVE-2026-41184MEDIUMCVSS 6.5EG 6.52026-05-28
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico deployments), the installer substitutes t…
- CVE-2026-41185MEDIUMCVSS 6.5EG 6.52026-05-28
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unm…
Check whether github.com/projectcalico/calico/v3 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/projectcalico/calico/v3 CVEs against the assets you own.
Start Free Scan →