CVE-2026-44247EPSS p6.9%

CVE-2026-44247CVE-2026-44247

linuxfoundation / volcano

Description

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook server exposed to in-cluster traffic are affected. This vulnerability is fixed in v1.14.2, v1.13.3, and v1.12.4.

Scoring

CVSS 6.8 ()
VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS0.17% probability of exploitation · percentile 6.9% · 2026-06-18T12:00:27Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-28383
CVE
CVE-2026-4410
CVE
CVE-2026-27112
CVE
CVE-2026-49975
CVE
CVE-2026-49094
CVE
CVE-2026-42400
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.