Google acknowledges Kubernetes operator security flaw but denies bug bounty, leaves vulnerability unpatched
By Jessica Lyons
Summary
Google has a security vulnerability in a Kubernetes operator that could allow attackers to bypass GCP's Identity and Access Management (IAM) protections and gain full control over cloud environments. Security researcher Justin O'Leary reported the flaw to Google, which initially acknowledged it with 'Nice catch!' but then denied a bug bounty, claiming the issue was 'working as intended.' The flaw remains unpatched, raising concerns about Google's bug bounty program transparency and its handling of security vulnerabilities.
Key quotes
'Nice catch!' Then denied bug bounty for flaw it still hasn't fixed
'Working as intended' for the win … again
EXCLUSIVE Google has a security hole in a Kubernetes operator that could allow attackers to bypass Google Cloud Platform (GCP) identity and access protections and gain full control over any organization's cloud environment