CVE ID :CVE-2026-29955 Published : April 13, 2026, 7:16 p.m. | 32 minutes ago Description :The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...