Three security vulnerabilities were identified in the OIDC Discovery client:
Blind Server-Side Request Forgery (SSRF) via Cross-Host Redirects:
Fulcio uses an HTTP client to fetch OIDC discovery metadata (/.well-known/openid-configuration). Prior to this fix, if a configured issuer returned an HTTP redirect to a different host, the client followed it by default. A compromised or malicious issuer could therefore redirect Fulcio's discovery requests to internal-only systems reachable from Fulcio's network position, resulting in blind SSRF (the attacker drives the request but does not see the response body).
JWKS Substitution and Cache Poisoning:
Because cross-host redirects were permitted during OIDC discovery, an attacker could manipulate the discovery flow to return a malicious jwks_uri pointing to an attacker-controlled host. When Fulcio successfully initialized the provider and cached the resulting verifier in the verifier cache, the cache was poisoned with the attacker's verification keys. The attacker could then present tokens signed with their own key, and Fulcio would validate those signatures against the poisoned keys.
Kubernetes ServiceAccount Token Leakage:
Fulcio mounts an in-cluster Kubernetes ServiceAccount token to authenticate OIDC discovery requests sent to the local control plane API server (https://kubernetes.default.svc).
jwks_uri pointed to a different domain.
When a MetaIssuer of type kubernetes (e.g., one matching external EKS/GKE endpoints) was matched and a local Kubernetes issuer was also present in the config, the transport loaded the local in-cluster ServiceAccount token and attached it to outbound requests sent to the external host.
The following mitigations have been applied:
https://kubernetes.default.svc).
Workarounds: none; upgrade to v1.8.6.
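The three defects above share one root cause: the discovery client trusted whatever origin the flow ended up on. The following Go program is an added example, not Fulcio's code and not the patch that shipped in v1.8.6; the names NewDiscoveryClient, FetchDiscovery, ValidateJWKSURI and ScopedTokenTransport are hypothetical. It shows the three checks a hardened client needs: refuse redirects that leave the issuer's scheme and host, refuse a jwks_uri on a different origin than the issuer before any verifier is built or cached, and attach the in-cluster ServiceAccount token only to HTTPS requests addressed to kubernetes.default.svc (the allowed host is a parameter so the demo can use a local test server). It relies only on net/http semantics: CheckRedirect runs before the redirected request is sent, and http.Client wraps its error in *url.Error, so errors.Is still finds the sentinel.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Sentinel errors so callers can distinguish the two origin checks.
var (
	ErrCrossHostRedirect = errors.New("discovery: cross-host redirect refused")
	ErrJWKSOrigin        = errors.New("discovery: jwks_uri must share the issuer's scheme and host")
)

// sameOrigin compares scheme and host:port case-insensitively; a port change is a new origin.
func sameOrigin(a, b *url.URL) bool {
	return strings.EqualFold(a.Scheme, b.Scheme) && strings.EqualFold(a.Host, b.Host)
}

// NewDiscoveryClient (hypothetical name) follows redirects only while they stay on the
// origin of the first request in the chain; anything else is refused before it is sent.
func NewDiscoveryClient(rt http.RoundTripper) *http.Client {
	return &http.Client{
		Transport: rt,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 5 {
				return errors.New("discovery: too many redirects")
			}
			if !sameOrigin(req.URL, via[0].URL) {
				return fmt.Errorf("%w: %s -> %s", ErrCrossHostRedirect, via[0].URL.Host, req.URL.Host)
			}
			return nil
		},
	}
}

// ValidateJWKSURI rejects a jwks_uri that is relative or on another origin than the issuer.
func ValidateJWKSURI(issuer, jwksURI string) error {
	iss, err := url.Parse(issuer)
	if err != nil {
		return err
	}
	jw, err := url.Parse(jwksURI)
	if err != nil {
		return err
	}
	if jw.Host == "" || !sameOrigin(iss, jw) {
		return fmt.Errorf("%w: issuer %q, jwks_uri %q", ErrJWKSOrigin, iss.Host, jw.Host)
	}
	return nil
}

// DiscoveryDocument is the subset of provider metadata this example inspects.
type DiscoveryDocument struct {
	Issuer  string `json:"issuer"`
	JWKSURI string `json:"jwks_uri"`
}

// FetchDiscovery GETs <issuer>/.well-known/openid-configuration through the hardened
// client and applies the issuer and jwks_uri checks before the document is returned,
// so nothing derived from an attacker-chosen origin can reach a verifier cache.
func FetchDiscovery(c *http.Client, issuer string) (*DiscoveryDocument, error) {
	issuer = strings.TrimSuffix(issuer, "/")
	resp, err := c.Get(issuer + "/.well-known/openid-configuration")
	if err != nil {
		return nil, err // includes ErrCrossHostRedirect wrapped in *url.Error
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("discovery: unexpected status %d", resp.StatusCode)
	}
	var doc DiscoveryDocument
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&doc); err != nil {
		return nil, err
	}
	if strings.TrimSuffix(doc.Issuer, "/") != issuer {
		return nil, fmt.Errorf("discovery: issuer mismatch: configured %q, document %q", issuer, doc.Issuer)
	}
	if err := ValidateJWKSURI(issuer, doc.JWKSURI); err != nil {
		return nil, err
	}
	return &doc, nil
}

// ScopedTokenTransport attaches Token only to HTTPS requests whose hostname equals
// AllowedHost (kubernetes.default.svc for an in-cluster ServiceAccount token) and
// strips any Authorization header from requests bound anywhere else.
type ScopedTokenTransport struct {
	Base        http.RoundTripper
	Token       string
	AllowedHost string
}

func (t *ScopedTokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context())
	if r.Header == nil {
		r.Header = make(http.Header)
	}
	if r.URL.Scheme == "https" && strings.EqualFold(r.URL.Hostname(), t.AllowedHost) {
		r.Header.Set("Authorization", "Bearer "+t.Token)
	} else {
		r.Header.Del("Authorization")
	}
	return t.Base.RoundTrip(r)
}

func main() {
	// Constructed demo: an "issuer" that redirects discovery to a second, internal host.
	internal := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte(`{}`)) }))
	defer internal.Close()
	issuer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, internal.URL+r.URL.Path, http.StatusFound)
	}))
	defer issuer.Close()
	_, err := FetchDiscovery(NewDiscoveryClient(http.DefaultTransport), issuer.URL)
	fmt.Println("redirected discovery:", err)
}
```

Origin is compared as scheme plus host:port rather than hostname alone, so a redirect from https://issuer.example to http://issuer.example or to another port on the same host is also refused. The token transport decides per request, not per client, so it stays correct even if a redirect is followed to a same-origin path.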
{
"nvd_published_at": null,
"severity": "HIGH",
"cwe_ids": [
"CWE-918"
],
"github_reviewed_at": "2026-06-30T18:38:45Z",
"github_reviewed": true
}