Every CVE whose affected-product data names Chaos-mesh Chaos Mesh, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-59359 — CVSS 9.8 (critical): The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows…
CVE-2025-59360 — CVSS 9.8 (critical): The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this…
CVE-2025-59361 — CVSS 9.8 (critical): The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this…
CVE-2024-36538 — CVSS 8.8 (high): Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service…
CVE-2025-59358 — CVSS 7.5 (high): The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster…