Security Advisories · kcp-dev/kcp · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
GHSA-q6hv-wcjr-wp8h published Sep 26, 2025 by embik

Low
Unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
GHSA-w2rr-38wv-8rrp published Mar 20, 2025 by embik

Critical
Impersonation allows access to global administrative groups
GHSA-c7xh-gjv4-4jgv published Dec 11, 2024 by embik

Moderate