github.com/rancher/local-path-provisioner
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/rancher/local-path-provisionerpage 1 of 1
- CVE-2025-62878CRITICALCVSS 9.9EG 9.9✓ Fixed in 0.0.342026-02-25
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
- CVE-2026-44543HIGHCVSS 8.7EG 8.7✓ Fixed in 0.0.362026-05-28
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can man…
Check whether github.com/rancher/local-path-provisioner is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/rancher/local-path-provisioner CVEs against the assets you own.
Start Free Scan →