{"id":81821,"date":"2026-07-11T02:46:48","date_gmt":"2026-07-10T23:16:48","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-55175-spinnaker-improper-yaml-processing-on-kustomize-bake-operations\/"},"modified":"2026-07-11T02:46:48","modified_gmt":"2026-07-10T23:16:48","slug":"cve-2026-55175-spinnaker-improper-yaml-processing-on-kustomize-bake-operations","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-55175-spinnaker-improper-yaml-processing-on-kustomize-bake-operations\/","title":{"rendered":"CVE-2026-55175 &#8211; Spinnaker: Improper yaml processing on kustomize bake operations"},"content":{"rendered":"<p>CVE ID :CVE-2026-55175<\/p>\n<p>  Published : July 10, 2026, 11:16 p.m. | 32\u00a0minutes ago<\/p>\n<p>  Description :Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4.<\/p>\n<p>  Severity: 7.5 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-55175 Published : July 10, 2026, 11:16 p.m. | 32\u00a0minutes ago Description :Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-81821","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=81821"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81821\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=81821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=81821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=81821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}