PT-2026-44410 · Tigera · Calico+2

Anthony Tam +3

Published 2026-05-28
Updated 2026-06-05

CVE-2026-41185

CVSS v3.1 6.5 Medium
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Calico (affected versions not specified)
Description When configured with the Azure IPAM plugin, the Calico CNI binary modifies the incoming CNI configuration to include subnet information before passing it to the IPAM plugin. The Azure IPAM helper then logs the complete unmarshaled configuration map (stdinData) at the INFO level to /var/log/calico/cni/cni.log during every CNI ADD and DEL invocation, which occurs whenever a pod is scheduled or terminated on a node. In clusters using token-based Kubernetes authentication, these logs contain the ServiceAccount token, client key, and certificate authority in plaintext. An attacker or principal with read access to the log file on a node can extract these credentials to obtain cluster-wide Calico networking admin privileges.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
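Added mitigation example, not Calico's or the Azure IPAM helper's own code: the redaction a log call like the one described above should apply to the unmarshaled stdinData before writing it to cni.log, so the map keeps its structure but the token, client key and certificate material never reach the file. The key names in sensitiveKeys are assumptions modelled on Calico's CNI "kubernetes" section, and SampleStdin is a constructed input.

```go
package main

import "encoding/json"

// Keys whose values must never reach cni.log. The names are assumptions modelled
// on Calico's CNI "kubernetes" section; the advisory names only the token, client key and CA.
var sensitiveKeys = map[string]bool{
	"k8s_auth_token": true, "k8s_client_key": true,
	"k8s_client_certificate": true, "k8s_certificate_authority": true,
}

// Constructed sample stdin (not from a real cluster), shaped like an Azure IPAM config.
var SampleStdin = []byte(`{"name":"k8s-pod-network","ipam":{"type":"azure-vnet-ipam",` +
	`"subnet":"10.0.0.0/24"},"kubernetes":{"k8s_api_root":"https://10.0.0.1:443",` +
	`"k8s_auth_token":"eyJ.SAMPLE","k8s_client_key":"/etc/calico/client.key"}}`)

// redact returns a copy of the unmarshaled stdinData with sensitive values replaced.
// The caller's map is untouched, so the real config still reaches the IPAM plugin.
func redact(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		out := make(map[string]interface{}, len(t))
		for k, val := range t {
			if sensitiveKeys[k] {
				out[k] = "[REDACTED]"
			} else {
				out[k] = redact(val)
			}
		}
		return out
	case []interface{}:
		out := make([]interface{}, len(t))
		for i, val := range t {
			out[i] = redact(val)
		}
		return out
	}
	return v
}

// SafeLogLine is the INFO line the helper should write instead of the raw map.
func SafeLogLine(stdin []byte) (string, error) {
	var conf map[string]interface{}
	if err := json.Unmarshal(stdin, &conf); err != nil {
		return "", err
	}
	b, err := json.Marshal(redact(conf))
	return "INFO: CNI config: " + string(b), err
}
```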

Weakness Enumeration

Insertion into Log File

Related Identifiers

CVE-2026-41185

Affected Products

Calico
Calico Cloud
Calico Enterprise