CVE-2023-5528 HIGH

CVE-2023-5528: Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

Vendor Kubernetes

Product kubelet

Weakness CWE-20 · Input validation

Published November 14, 2023

Last update February 25, 2026

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Key dates

02Disclosure timeline

November 14, 2023 CVE published

February 25, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5528

Related vulnerabilities

Identifiers

CVE CVE-2023-5528

CWE CWE-20

CVSS 7.2 / HIGH

Affected versions

Vendor Kubernetes

Product kubelet

Affected ≥ v1.28.0 and ≤ v1.28.3

Vendor Kubernetes

Product kubelet

Affected ≥ v1.27.0 and ≤ v1.27.7

Vendor Kubernetes

Product kubelet

Affected ≥ v1.26.0 and ≤ v1.26.10

Vendor Kubernetes

Product kubelet

Affected ≤ v1.25.15

CVE-2023-5528: Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

01Description

02Disclosure timeline

03References

04Related CVE