VDB
GCVE-110-CLOUD-2022-0043
GCVE-110-CLOUD-2022-0043
Advisory Published
Unit 42 researchers disclosed several vulnerabilities and attack techniques in GKE Autopilot to Google, the root cause being insufficient verification of allowlisted workload image names.
An attacker with permissions to create a pod could have abused these vulnerabilities to (1) escape their pod and compromise the underlying node, (2) escalate privileges and become full cluster administrators,
and (3) covertly persist administrative access through backdoors that are completely invisible to cluster operators.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Autopilot | — | — |
| GCP | GKE | — | — |
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.