9:[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"TechArticle\",\"headline\":\"Security: Multiple security vulnerabilities have been identified in the OpenSSL library.\",\"description\":\"OpenSSL vulnerabilities affecting GKE have been identified, with CVE-2025-15467 rated as critical and capable of enabling remote code execution or denial…\",\"url\":\"https://cloudscoop.io/updates/gcp-2026-02-18-google-kubernetes-engine-security-multiple-securit\",\"datePublished\":\"2026-02-18\",\"author\":{\"@type\":\"Organization\",\"name\":\"GCP\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"CloudScoop\",\"url\":\"https://cloudscoop.io\"},\"about\":[{\"@type\":\"Thing\",\"name\":\"GCP\"},{\"@type\":\"Thing\",\"name\":\"Google Kubernetes Engine\"}]}"}}],["$","$L11",null,{"update":{"id":"gcp-2026-02-18-google-kubernetes-engine-security-multiple-securit","vendor":"GCP","service":"Google Kubernetes Engine","title":"Security: Multiple security vulnerabilities have been identified in the OpenSSL library.","summary":"Multiple security vulnerabilities have been identified in the OpenSSL library.\nThe most significant finding is CVE-2025-15467, a critical vulnerability that\nmight allow for remote code execution (RCE) or denial of service (DoS) attacks\nvia network-based vectors.\nFor more information, see the\nGCP-2026-006 security bulletin.","date":"2026-02-18","tags":["Security","Containers"],"url":"https://docs.cloud.google.com/release-notes#February_18_2026","created_at":"2026-02-19T02:38:44.409648+00:00","updated_at":"2026-03-02T08:55:50.672566+00:00","summary_preview":"Multiple security vulnerabilities have been identified in the OpenSSL library.\nThe most significant finding is CVE-2025-15467, a critical vulnerability that\nmight allow for remote code execution (RCE) or denial of service (DoS) attacks\nvia network...","classified_at":null},"insights":{"sections":[{"title":"Overview","blocks":[{"type":"text","content":"OpenSSL vulnerabilities affecting GKE have been identified, with CVE-2025-15467 rated as critical and capable of enabling remote code execution or denial of service attacks. This affects the OpenSSL cryptographic library used within Kubernetes cluster components and workloads. Immediate patching is required to eliminate the attack surface in production environments."}]},{"title":"Key Differences","blocks":[{"type":"text","content":"CVE-2025-15467 allows network-based exploitation vectors previously unavailable, meaning attackers can trigger RCE or DoS without requiring cluster authentication or direct access. The vulnerability is in the underlying OpenSSL library, affecting both the Kubernetes control plane and any workloads using vulnerable OpenSSL versions. Patch availability and cluster upgrade paths are documented in GCP-2026-006 security bulletin."}]},{"title":"Implementation","blocks":[{"type":"text","content":"Platform teams must prioritize upgrades of GKE clusters to patched versions immediately. Check your cluster version against the security bulletin to determine if you are affected, then schedule upgrades using rolling node pool updates to maintain availability."},{"code":"# Check current GKE cluster version\ngcloud container clusters describe --zone= --format='value(currentNodeVersion)'\n\n# Upgrade cluster control plane\ngcloud container clusters upgrade --zone= --cluster-version=\n\n# Upgrade node pool\ngcloud container node-pools update --cluster= --zone= --node-version=","type":"code","title":"gcloud CLI","language":"bash"},{"code":"from google.cloud import container_v1\n\nclient = container_v1.ClusterManagerClient()\nproject_id = ''\nzone = ''\ncluster_name = ''\n\n# Get cluster details\ncluster = client.get_cluster(\n request={'project_id': project_id, 'zone': zone, 'cluster_id': cluster_name}\n)\nprint(f'Current version: {cluster.current_node_version}')\n\n# Upgrade cluster\nupgrade_request = container_v1.UpdateClusterRequest(\n project_id=project_id,\n zone=zone,\n cluster_id=cluster_name,\n update=container_v1.ClusterUpdate(desired_node_version='')\n)\nclient.update_cluster(request=upgrade_request)","type":"code","title":"Python (google-cloud)","language":"python"},{"code":"resource \"google_container_cluster\" \"primary\" {\n name = \"\"\n location = \"\"\n project = \"\"\n\n min_master_version = \"\"\n}\n\nresource \"google_container_node_pool\" \"primary_nodes\" {\n name = \"\"\n cluster = google_container_cluster.primary.id\n node_version = \"\"\n node_count = 3\n\n management {\n auto_repair = true\n auto_upgrade = true\n }\n}","type":"code","title":"Terraform","language":"hcl"}]},{"title":"Recommendation","blocks":[{"type":"text","content":"Act immediately to upgrade all GKE clusters to patched versions. CVE-2025-15467 is network-exploitable without authentication, making this a critical risk. Review the GCP-2026-006 security bulletin for affected versions and patch timeline, then execute cluster upgrades on an emergency schedule, prioritizing production workloads."}]}],"impact_level":"critical","action":"urgent"},"related":[{"id":"gcp-2026-04-02-google-kubernetes-engine-change-gke-cluster-versio","title":"Change: GKE cluster versions have been updated.","date":"2026-04-02","service":"Google Kubernetes Engine","vendor":"GCP"},{"id":"gcp-2026-04-02-google-kubernetes-engine-security-this-release-inc","title":"Security: This release includes new GKE versions that use updated\nContainer-Optimized OS images.","date":"2026-04-02","service":"Google Kubernetes Engine","vendor":"GCP"},{"id":"gcp-2026-03-25-google-kubernetes-engine-change-gke-cluster-versio","title":"Change: GKE cluster versions have been updated.","date":"2026-03-25","service":"Google Kubernetes Engine","vendor":"GCP"},{"id":"gcp-2026-03-25-google-kubernetes-engine-feature-to-provide-more-c","title":"Feature: To provide more controls over the control plane version upgrade, you can now do\nthe following:","date":"2026-03-25","service":"Google Kubernetes Engine","vendor":"GCP"}]}]]

Security: Multiple security vulnerabilities have been identified in the OpenSSL library.

More from Google Kubernetes Engine