What is CVE-2026-54250?

CVE-2026-54250 is a medium-severity vulnerability in K3s-io K3s, classified under Path Traversal. CVSS score: 5.8/10. Published 2026-06-25.

How severe is CVE-2026-54250?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Path Traversal in K3s-io K3s

CVE-2026-54250

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive me…

Vulnerability class: Path Traversal (Directory Traversal)

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H.

Affected products

K3s-io K3s — versions >= 1.35.0-rc1+k3s1, < 1.35.3+k3s1, >= 1.34.0-rc1+k3s1, < 1.34.6+k3s1, < 1.33.10+k3s1

Weakness classification (CWE)

CWE-22 — Path Traversal

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-54250?: CVE-2026-54250 is a medium-severity vulnerability in K3s-io K3s, classified under Path Traversal. CVSS score: 5.8/10. Published 2026-06-25.
How severe is CVE-2026-54250?: Medium severity. CVSS v3 base score is 5.8 out of 10.