CVE-2026-55175 is a high-severity vulnerability in Spinnaker, an open-source, multi-cloud continuous delivery platform. The issue affects Kustomize bake operations, allowing unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. The vulnerability is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4. Users of Spinnaker [truncated]
CVE-2026-44795 is a high-severity vulnerability in Spinnaker, an open-source multi-cloud continuous delivery platform. The issue allows for remote code execution due to unsafe YAML processing, which bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. This occurs because of the use of a non-safe constructor that enables arbitrary loading of Java classes.