PT-2026-6308 · Cert Manager · Cert-Manager
1Seal · Published 2026-02-02 · Updated 2026-05-21 · CVE-2026-25518
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
cert-manager versions 1.18.0 through 1.18.4
cert-manager versions 1.19.0 through 1.19.2
Description
cert-manager automates obtaining, renewing, and using TLS certificates in Kubernetes clusters. While solving an ACME DNS-01 challenge, the cert-manager-controller performs DNS lookups that, by default, travel over unencrypted DNS. An attacker who can intercept and modify DNS traffic to the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache; when that entry is later accessed, the controller panics, producing a denial of service (DoS) of the cert-manager controller. Certificate issuance and renewal handled by cert-manager stall for as long as the controller is down. The same outcome is possible if a malicious actor controls the authoritative DNS server for the domain being validated, so the attack is not limited to adversaries positioned on the cluster's network path.
Recommendations
For the 1.18 branch, update to cert-manager version 1.18.5 or later.
For the 1.19 branch, update to cert-manager version 1.19.3 or later.
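A practical way to act on these recommendations is to inventory every cert-manager controller running in a cluster and compare its image tag against the affected ranges above. The script below is an added example and is not part of this advisory or of the cert-manager project. It assumes the input is the JSON produced by `kubectl get deployments -A -o json`, identifies controller containers by the substring `cert-manager-controller` in the image reference (a heuristic, not something the advisory specifies), and works on a constructed sample so it runs offline; replace `SAMPLE` with the real command output to audit a live cluster.

```python
import json
import re

# Affected ranges (inclusive) and the fixed version for each branch, as stated in the advisory.
AFFECTED_RANGES = [
    ((1, 18, 0), (1, 18, 4), "v1.18.5"),
    ((1, 19, 0), (1, 19, 2), "v1.19.3"),
]

_SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(tag):
    """Parse 'v1.18.3' or '1.19.2-rc1' into (1, 18, 3); return None for non-semver tags."""
    m = _SEMVER.match(tag)
    return tuple(int(g) for g in m.groups()) if m else None


def image_tag(image):
    """Extract the tag from an image reference; '' if the image is digest-pinned or untagged."""
    ref = image.split("@", 1)[0]        # drop '@sha256:...' so a digest is not mistaken for a tag
    last = ref.rsplit("/", 1)[-1]        # registry hosts may carry ':port', so inspect the final path element only
    return last.split(":", 1)[1] if ":" in last else ""


def fixed_version_for(version):
    """Return the version to upgrade to if `version` lies in an affected range, else None."""
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high:
            return fixed
    return None


def audit(deployments):
    """Walk `kubectl get deployments -A -o json` output and report every cert-manager-controller image.

    Each finding is (namespace, deployment, image, status, fixed_version); status is 'affected',
    'not-affected', or 'unknown' when the tag is missing or not semver (e.g. digest-pinned images,
    which must be resolved to a release by other means before they can be cleared)."""
    findings = []
    for item in deployments.get("items", []):
        ns = item["metadata"]["namespace"]
        name = item["metadata"]["name"]
        for container in item["spec"]["template"]["spec"]["containers"]:
            image = container["image"]
            if "cert-manager-controller" not in image:   # heuristic match on the image name (assumption)
                continue
            version = parse_version(image_tag(image))
            if version is None:
                findings.append((ns, name, image, "unknown", None))
                continue
            fixed = fixed_version_for(version)
            status = "affected" if fixed else "not-affected"
            findings.append((ns, name, image, status, fixed))
    return findings


# Constructed sample in the shape of `kubectl get deployments -A -o json`: one install per outcome,
# plus an unrelated deployment that must be ignored. The digest below is a placeholder, not a real image.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "cert-manager", "name": "cert-manager"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "cert-manager-controller", "image": "quay.io/jetstack/cert-manager-controller:v1.18.3"}]}}}},
 {"metadata": {"namespace": "cm-new", "name": "cert-manager"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "cert-manager-controller", "image": "quay.io/jetstack/cert-manager-controller:v1.19.3"}]}}}},
 {"metadata": {"namespace": "cm-pinned", "name": "cert-manager"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "cert-manager-controller", "image": "registry.example:5000/jetstack/cert-manager-controller@sha256:0000000000000000000000000000000000000000000000000000000000000000"}]}}}},
 {"metadata": {"namespace": "kube-system", "name": "coredns"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "coredns", "image": "registry.k8s.io/coredns/coredns:v1.11.1"}]}}}}
]}
""")

if __name__ == "__main__":
    for ns, name, image, status, fixed in audit(SAMPLE):
        hint = f" -> upgrade to {fixed}" if fixed else ""
        print(f"{ns}/{name}: {image} [{status}]{hint}")
```

Treat an `unknown` result as unverified rather than safe: a digest-pinned controller may still be an affected build, and the digest has to be mapped back to its release tag (for example from the deployment's Helm values or the registry) before it can be signed off.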
Weakness Type
CWE-704: Incorrect Type Conversion or Cast
CWE-129: Improper Validation of Array Index
Related Identifiers
CVE-2026-25518
Affected Products
Cert-Manager