CVE-2026-25518

Feb. 5, 2026, 2:57 p.m.

5.9
Medium

Description

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in denial‑of‑service (DoS) of the cert-manager controller. The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor. This issue has been patched in versions 1.18.5 and 1.19.3.

Product(s) Impacted

Vendor Product Versions
Jetstack
  • Cert-manager
  • 1.18.0-1.18.4, 1.19.0-1.19.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a jetstack cert-manager 1.18.0-1.18.4 / / / / / / /
a jetstack cert-manager 1.19.0-1.19.2 / / / / / / /

References

https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc
https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d
https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2
https://github.com/cert-manager/cert-manager/pull/8467
https://github.com/cert-manager/cert-manager/pull/8468
https://github.com/cert-manager/cert-manager/pull/8469
https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv

Tags

[email protected]
CWE-129
2026-02-04
CVE-2026-25518

CVSS Score

5.9 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Feb. 4, 2026, 10:15 p.m.
Last Modified: Feb. 5, 2026, 2:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.