kubelogin 1.35.2 - CVE-2025-68121 - Impact Analysis and Fix #1504

@Matthiesen-Jan

Description

Hi Kubelogin team,
we’ve noted the above critical CVE (CVSS 10.0) and wanted to inquire about dependencies for kubelogin 1.35.2 (win-amd64) and any fix perspective.

The CVE relates to the package crypto/tls in the standard library of Go (Golang).
Impacted software: Go versions prior to 1.26.0-rc.1 plus distros based on it (e.g. Debian Bullseye/Bookworm, RHEL 10, Ubuntu).
How can we ensure the latest Kubelogin version is not or no longer impacted by this CVE?

We refer to https://github.com/int128/kubelogin/releases/tag/v1.35.2

Kind regards
Jan.Matthiesen@bwi.de

Your environment

  • OS: e.g. win10/11
  • kubelogin version: e.g. v1.35.2
  • kubectl version: e.g. v1.35.1
  • OpenID Connect provider: no idea.
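
One way to check which Go toolchain, and therefore which statically linked crypto/tls, a downloaded release binary was built with. This is an added example, not part of the original issue and not kubelogin project code; the `firstFixed` threshold is an assumption taken from the version quoted in the issue text, and the function names are hypothetical.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"go/version"
	"os"
)

// firstFixed is an assumption taken from the issue text ("prior to
// 1.26.0-rc.1"), written in Go's own version syntax. Confirm it, and any
// patched minor releases, against the official Go advisory.
const firstFixed = "go1.26rc1"

// builtBeforeFix reports whether a toolchain version string such as
// "go1.25.5" sorts before firstFixed. Strings that are not valid Go
// versions (for example devel builds) return an error instead of a guess.
func builtBeforeFix(goVersion string) (bool, error) {
	if !version.IsValid(goVersion) {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	return version.Compare(goVersion, firstFixed) < 0, nil
}

// checkBinary reads the toolchain version embedded in a Go executable.
// debug/buildinfo parses ELF, Mach-O and PE, so a Windows .exe can be
// inspected from any host OS.
func checkBinary(path string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	before, err := builtBeforeFix(info.GoVersion)
	return info.GoVersion, before, err
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gover <path-to-go-binary>")
		os.Exit(2)
	}
	ver, before, err := checkBinary(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	fmt.Printf("%s: built with %s, before %s: %v\n", os.Args[1], ver, firstFixed, before)
	if before {
		os.Exit(1) // non-zero exit so the check can gate a pipeline
	}
}
```

`go version <binary>` prints the same embedded toolchain version. The result shows which standard library is compiled in, not whether the affected crypto/tls code path is reachable in the program.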

Labels: question (Further information is requested)