THREAT OPS › Threat News › [GHSA] GHSA-wmj8-9953-vff5 (high) — OpenCost ServiceKey Endpoint Unauthorized Credential Overwrite/Injection
[GHSA] GHSA-wmj8-9953-vff5 (high) — OpenCost ServiceKey Endpoint Unauthorized Credential Overwrite/Injection
GHSA-wmj8-9953-vff5 Severity: high CVE: CVE-2026-44300
OpenCost ServiceKey Endpoint Unauthorized Credential Overwrite/Injection
## Summary
OpenCost contains an unauthenticated file write vulnerability in the `/serviceKey` endpoint that allows remote attackers to overwrite the GCP service account key file without authentication. This can lead to service disruption, credential theft, and potenti
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-44300cve
- https://opencost.github.io/opencost-helm-charturl
- http://opencost.opencost.svc.cluster.local:9003/healthzurl
- http://opencost.opencost.svc.cluster.local:9003/serviceKeyurl
- http://opencost:9003/serviceKeyurl
- https://owasp.org/Top10/A01_2021-Broken_Access_Control/url
- opencost-hijack@attacker-project.iam.gserviceaccount.comemail
- app.kubernetes.iodomain
Original source: https://github.com/advisories/GHSA-wmj8-9953-vff5