CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-55175

highCVSS 7.5covered by 1 sourcefirst seen 2026-07-10
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pods when performing Kustomize bakes. This issue is fixed in versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4.

⚡ Watch CVE-2026-55175

Get an email if CVE-2026-55175 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-55175

CVE.org record

Embed the live status

CVE-2026-55175 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-55175 status](https://www.csirts.com/badge/CVE-2026-55175)](https://www.csirts.com/cve/CVE-2026-55175)