Elevated Permissions Vulnerability in Pinniped Supervisor for Kubernetes Clusters
CVE-2026-59269
3.8LOW
What is CVE-2026-59269?
A flaw in the Pinniped Supervisor allows an attacker to gain elevated permissions in Kubernetes clusters under specific conditions. This issue occurs if the Pinniped Supervisor server uses a configured ActiveDirectoryIdentityProvider resource with an empty groupName attribute and if certain parameters allow group entries to be altered. If the attacker knows the password of a legitimate Active Directory user and can modify group entries, they could potentially be included in the group search results, leading to unauthorized access within the cluster.
Affected Version(s)
Pinniped 0.11.0 <= 0.46.0