CNNVD-202601-1478 Information

Jan 08, 2026 cve

CNNVD ID

CNNVD-202601-1478

CVE-2025-66001

  • CNNVD Published: 2026-01-08

Description (Chinese)

NeuVector是美国NeuVector公司的一套端到端的容器安全平台。该平台包括图像漏洞管理、准入控制和容器进程/文件系统保护等功能。 NeuVector存在信任管理问题漏洞,该漏洞源于OpenID Connect的TLS验证不足,可能导致中间人攻击。

Description (English)

NeuVector is an end-to-end container safety platform for NeuVector in the United States. The platform includes features such as image gap management, access control and container process/document system protection. NeuVector had a confidence management gap, which stemmed from inadequate TLS certification by OpenID Connect and could lead to attacks by intermediaries.

Hazard Level

Medium

Vulnerability Type

信任管理问题

Affected Vendor

NeuVector

Published

2026-01-08

Last Modified

2026-02-24

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001 https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5

Patch

https://github.com/neuvector/neuvector/releases

Share on: