Affected by GO-2025-3985
and 1 other vulnerabilities
GO-2025-3985: kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp
GO-2026-5088: kcp's cache server is accessible without authentication or authorization checks in github.com/kcp-dev/kcp