Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Cybersecurity researchers have identified critical vulnerabilities in Chaos Mesh that could allow attackers to take over Kubernetes clusters. The flaws stem from unauthenticated access to the GraphQL server, enabling remote code execution and malicious fault injections.

Key points

  • Multiple critical security vulnerabilities have been found in Chaos Mesh, an open-source Chaos Engineering platform.
  • The vulnerabilities allow attackers with minimal network access to perform cluster takeovers and malicious actions.
  • One key flaw involves unauthenticated access to the GraphQL debugging server, leading to potential process termination and DoS attacks.
  • Other vulnerabilities include command injection in specific mutation operations within the Chaos Controller Manager.
  • It is strongly recommended to update to version 2.7.3 and restrict network traffic if immediate patching is not feasible.
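
To act on the update recommendation, the following added example (not code from the article or from the Chaos Mesh project) audits a pod listing for Chaos Mesh images that are not confirmed to be at 2.7.3 or later. It assumes images are pulled from a repository path containing "chaos-mesh/" and that the input has the shape of `kubectl get pods -A -o json`; the sample data and pod names are constructed.

```python
import json
import re

FIXED = (2, 7, 3)  # fixed release named in the key points above
TAG_RE = re.compile(r":v?(\d+)\.(\d+)\.(\d+)(-[\w.]+)?$")

# Constructed sample shaped like `kubectl get pods -A -o json`; pod names are made up.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"namespace": "chaos-mesh", "name": "controller-manager-0"},
     "spec": {"containers": [{"image": "ghcr.io/chaos-mesh/chaos-mesh:v2.7.2"}]}},
    {"metadata": {"namespace": "chaos-mesh", "name": "daemon-0"},
     "spec": {"containers": [{"image": "ghcr.io/chaos-mesh/chaos-daemon:v2.7.3"}]}},
    {"metadata": {"namespace": "chaos-mesh", "name": "dashboard-0"},
     "spec": {"containers": [
         {"image": "ghcr.io/chaos-mesh/chaos-dashboard@sha256:" + "0" * 64}]}},
    {"metadata": {"namespace": "web", "name": "frontend-0"},
     "spec": {"containers": [{"image": "nginx:1.25.3"}]}},
]})

def classify(image):
    """Return 'outdated', 'ok' or 'unknown' for one image reference."""
    ref = image.split("@", 1)[0]          # a digest says nothing about the version
    m = TAG_RE.search(ref)
    if not m:
        return "unknown"                  # no tag, 'latest', or digest-pinned
    version = tuple(int(part) for part in m.groups()[:3])
    if version == FIXED and m.group(4):
        return "unknown"                  # e.g. a 2.7.3 pre-release build
    return "outdated" if version < FIXED else "ok"

def audit(pods_json):
    """List (namespace, pod, image, status) for Chaos Mesh images not confirmed fixed."""
    findings = []
    for pod in json.loads(pods_json)["items"]:
        meta, spec = pod["metadata"], pod["spec"]
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            image = c["image"]
            if "chaos-mesh/" not in image:   # assumed repository path, see lead-in
                continue
            status = classify(image)
            if status != "ok":
                findings.append((meta["namespace"], meta["name"], image, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PODS):
        print(*finding)
```

Images reported as "unknown" (digest-pinned or untagged) need a manual version check before they can be considered patched.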

Read More: https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html