Chaos Mesh: Critical GraphQL Flaws Expose Kubernetes Clusters to Remote Attacks

Chaos Mesh, a popular open-source chaos engineering platform for Kubernetes, has been found to contain critical GraphQL vulnerabilities that could allow remote attackers to compromise Kubernetes clusters. These security flaws expose sensitive cluster information and potentially enable unauthorized access and control over the infrastructure. The vulnerabilities stem from improper validation and authentication in the GraphQL API endpoints, which attackers can exploit to execute arbitrary queries and commands. This discovery highlights the importance of securing chaos engineering tools and Kubernetes environments against emerging threats. Users of Chaos Mesh are strongly advised to update to the latest patched versions and implement robust security measures to mitigate risks. This article delves into the technical details of the flaws, their impact on Kubernetes security, and best practices for safeguarding cloud-native applications against such attacks.

This Cyber News was published on thehackernews.com. Publication date: Tue, 16 Sep 2025 22:14:03 +0000

