
ACME Corp
critical

Unpatched critical CVE-2026-3148

A CISA-KEV critical on a Kubernetes node, past the PCI 30-day patch window.

PCI-DSS → NIST CSF → Open — flagged by Tenable.io + CISA KEV feed

Root cause

A Kubernetes node is running a container runtime with a known-exploited critical CVE (CVE-2026-3148) that is on the CISA KEV list and is past the current patch window.

Business impact

A KEV-listed critical on an internet-adjacent node is exactly what an assessor and an attacker both look for first. PCI requires critical patches within 30 days; this is overdue.

Mapped controls

NIST ID.RA-01: Fails while this gap is open
PCI R6.3: Fails while this gap is open
CIS 7.3: Fails while this gap is open