PatchSiren

spinnaker CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH spinnaker CVE published 2026-07-10

CVE-2026-55175

CVE-2026-55175 is a high-severity vulnerability in Spinnaker, an open-source, multi-cloud continuous delivery platform. The issue affects Kustomize bake operations, allowing unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. The vulnerability is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4. Users of Spinnaker [truncated]

HIGH spinnaker CVE published 2026-07-10

CVE-2026-44795

CVE-2026-44795 is a high-severity vulnerability in Spinnaker, an open-source multi-cloud continuous delivery platform. The issue allows for remote code execution due to unsafe YAML processing, which bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. This occurs because of the use of a non-safe constructor that enables arbitrary loading of Java classes.