GHSA-rp7v-4384-hfrp: k8sGPT has Prompt Injection through its k8sGPT-Operator
Summary
This item describes a prompt injection vulnerability (tricking an AI by hiding malicious instructions in its input) in k8sGPT-Operator, a tool that helps manage Kubernetes clusters (container orchestration systems). The content explains the framework for measuring vulnerability severity through metrics like attack complexity and potential impact, but does not provide specific details about the vulnerability itself or how it works.
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://github.com/advisories/GHSA-rp7v-4384-hfrp
First tracked: April 24, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%