What is CVE-2022-3172?

Kube-apiserver bug letting aggregated servers redirect API traffic to arbitrary URLs, risking credential theft.

Does CVE-2022-3172 affect my Kubernetes cluster?

Yes, if using versions before 1.25.3 / 1.24.7 and have aggregated API servers. Check with kubectl version.

Upgrade Kubernetes. Audit and revoke aggregated server certs. Monitor API traffic for odd redirects.

Kubernetes clusters? Compromised by a sneaky redirect in kube-apiserver. CVE-2022-3172 hands attackers your traffic – and your secrets.

theAIcatchup Apr 08, 2026 4 min read

CVE-2022-3172 allows arbitrary redirects from aggregated API servers, exposing bearer tokens. 𝕏
Affects most Kubernetes setups with extensions; patches available since late 2022. 𝕏
Unique risk: Turns trusted API extensions into phishing vectors for cluster takeover. 𝕏

Published by

Threat intelligence. Zero noise.

#API redirect attack #CVE-2022-3172 #Kubernetes vulnerability #kube-apiserver

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by NVD Vulnerabilities