CVE-2026-39429 — HIGH (8.2)

Q: How severe is CVE-2026-39429?

CVE-2026-39429 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-39429?

Check the references section above for vendor advisories and patch information. Affected products include: Kcp Kcp.

Vulnerability Description

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Kcp	Kcp	< 0.29.3

Related Weaknesses (CWE)

CWE-302 CWE-862

References

https://github.com/kcp-dev/kcp/releases/tag/v0.29.3Release Notes
https://github.com/kcp-dev/kcp/releases/tag/v0.30.3Release Notes
https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585pExploitMitigationVendor Advisory

FAQ

What is CVE-2026-39429?

CVE-2026-39429 is a vulnerability with a CVSS score of 8.2 (HIGH). kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and ...

How severe is CVE-2026-39429?

CVE-2026-39429 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-39429?

Check the references section above for vendor advisories and patch information. Affected products include: Kcp Kcp.