GHSA-v8j7-hp7c-738f: Kubetail has a Cross-Site WebSocket Hijacking issue that allows an attacker to read Kubernetes logs from authenticated users
Summary
Kubetail has a Cross-Site WebSocket Hijacking (CSWSH) vulnerability: a flaw in which a malicious website makes a victim's browser open a WebSocket connection to the vulnerable server, and the server accepts it as if it came from its own pages. An attacker can trick an authenticated Kubetail user into visiting a malicious webpage, which then opens an unauthorized WebSocket connection and reads the user's Kubernetes logs (detailed records of what containers are doing) in real time. This affects both local desktop deployments and cluster deployments, and is particularly dangerous because container logs often contain leaked credentials and sensitive data.
Solution / Mitigation
Upgrade to Kubetail Dashboard 0.14.0 or later, Kubetail Helm Chart 0.23.0 or later, or Kubetail CLI 0.16.0 or later. For users unable to upgrade immediately, the source recommends: (1) Desktop users should stop the dashboard when not actively using it and avoid visiting untrusted websites in the same browser profile while it runs. (2) Cluster users should restrict Ingress access to a VPN or office network, add a stronger authentication layer (such as an OAuth proxy) in front of basic auth, or use browser profile isolation for cluster administrators.
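The server-side control that defeats CSWSH in general is validating the Origin header before a WebSocket handshake is upgraded. The sketch below is an added example, not Kubetail's code or a description of its fix (this page does not say how the fix was implemented); the function names and the host `dashboard.example:8080` are assumptions made up for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// originAllowed accepts a handshake only when Origin names the same host:port
// the request was sent to. Clients that send no Origin at all are rejected too.
func originAllowed(r *http.Request) bool {
	u, err := url.Parse(r.Header.Get("Origin"))
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return false // missing, malformed or opaque origin (e.g. "null")
	}
	return strings.EqualFold(u.Host, r.Host)
}

// requireSameOrigin rejects cross-site WebSocket handshakes before any upgrade.
func requireSameOrigin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		upgrade := strings.EqualFold(r.Header.Get("Upgrade"), "websocket")
		if upgrade && !originAllowed(r) {
			http.Error(w, "cross-origin WebSocket handshake rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// handshakeStatus sends a constructed handshake through the middleware.
func handshakeStatus(host, origin string) int {
	req := httptest.NewRequest(http.MethodGet, "http://"+host+"/ws", nil)
	req.Header.Set("Connection", "Upgrade")
	req.Header.Set("Upgrade", "websocket")
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	requireSameOrigin(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(handshakeStatus("dashboard.example:8080", "http://dashboard.example:8080"))
	fmt.Println(handshakeStatus("dashboard.example:8080", "https://attacker.example"))
}
```

Authentication alone does not provide this protection: the browser attaches the user's existing credentials to the cross-site handshake, so the Origin header is the signal the server has to check.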
Vulnerability Details
EPSS: 0.0%
Yes
May 6, 2026
Original source: https://github.com/advisories/GHSA-v8j7-hp7c-738f
First tracked: May 7, 2026 at 02:00 AM