OVHcloud Public Cloud Status
Current status
Legend
- Operational
- Degraded performance
- Partial Outage
- Major Outage
- Under maintenance
[GLOBAL][Containers & Orchestration] - Managed Kubernetes Service event notification
Incident
Report for Public Cloud
Resolved
We are pleased to inform you that our teams released new versions to resolve the security event that affected our Managed Kubernetes Service.
Start time : 22/04/2026 08:15 UTC
End time : 30/04/2026 15:30 UTC
Root Cause : This incident was caused by a software issue.
Patched MKS versions are now available. We recommend updating your clusters as soon as possible, especially those running multi-tenant workloads.
Patched versions — Free plan
Kubernetes 1.30 (end of support): patch version 1.30.14-3
Kubernetes 1.31 (end of support): patch version 1.31.13-2
Kubernetes 1.32 (end of support): patch version 1.32.13-2
Kubernetes 1.33 (supported): patch version 1.33.10-2
Kubernetes 1.34 (supported): patch version 1.34.2-2
Kubernetes 1.35 (supported): patch version 1.35.2-2
Patched versions — Standard plan
Kubernetes 1.30 (end of support): patch version 1.30.14-12
Kubernetes 1.31 (end of support): patch version 1.31.13-9
Kubernetes 1.32 (end of support): patch version 1.32.13-3
Kubernetes 1.33 (supported): patch version 1.33.10-3
Kubernetes 1.34 (supported): patch version 1.34.6-3
Kubernetes 1.35 (supported): patch version 1.35.2-2
What customers need to do
All customers can apply the patch manually right now, regardless of their cluster's Kubernetes version or security update policy. We strongly recommend doing so as soon as possible.
Via the OVHcloud Control Panel: Public Cloud > Managed Kubernetes Service > Your cluster > Apply Patch
Via the OVHcloud API: POST /cloud/project/{serviceName}/kube/{kubeId}/update with the following request body:
{
"strategy": "LATEST_PATCH"
}
Automatic rollout
For clusters running a supported Kubernetes version (1.33, 1.34, 1.35) with the ALWAYS_UPDATE or MINIMAL_DOWNTIME security policy, OVHcloud will roll out the patch automatically over the coming days.
Clusters running end-of-support Kubernetes versions (1.30, 1.31, 1.32) will not be patched automatically by OVHcloud, even with an automatic security update policy. Customers running these versions must apply the patch manually using the versions listed above. We strongly recommend planning an upgrade to a supported Kubernetes minor version as soon as possible.
Customers using the NEVER_UPDATE policy must also apply the update manually. Given the severity of this CVE, OVHcloud may force-apply the security update if clusters remain unpatched after a notice period.
Start time : 22/04/2026 08:15 UTC
End time : 30/04/2026 15:30 UTC
Root Cause : This incident was caused by a software issue.
Patched MKS versions are now available. We recommend updating your clusters as soon as possible, especially those running multi-tenant workloads.
Patched versions — Free plan
Kubernetes 1.30 (end of support): patch version 1.30.14-3
Kubernetes 1.31 (end of support): patch version 1.31.13-2
Kubernetes 1.32 (end of support): patch version 1.32.13-2
Kubernetes 1.33 (supported): patch version 1.33.10-2
Kubernetes 1.34 (supported): patch version 1.34.2-2
Kubernetes 1.35 (supported): patch version 1.35.2-2
Patched versions — Standard plan
Kubernetes 1.30 (end of support): patch version 1.30.14-12
Kubernetes 1.31 (end of support): patch version 1.31.13-9
Kubernetes 1.32 (end of support): patch version 1.32.13-3
Kubernetes 1.33 (supported): patch version 1.33.10-3
Kubernetes 1.34 (supported): patch version 1.34.6-3
Kubernetes 1.35 (supported): patch version 1.35.2-2
What customers need to do
All customers can apply the patch manually right now, regardless of their cluster's Kubernetes version or security update policy. We strongly recommend doing so as soon as possible.
Via the OVHcloud Control Panel: Public Cloud > Managed Kubernetes Service > Your cluster > Apply Patch
Via the OVHcloud API: POST /cloud/project/{serviceName}/kube/{kubeId}/update with the following request body:
{
"strategy": "LATEST_PATCH"
}
Automatic rollout
For clusters running a supported Kubernetes version (1.33, 1.34, 1.35) with the ALWAYS_UPDATE or MINIMAL_DOWNTIME security policy, OVHcloud will roll out the patch automatically over the coming days.
Clusters running end-of-support Kubernetes versions (1.30, 1.31, 1.32) will not be patched automatically by OVHcloud, even with an automatic security update policy. Customers running these versions must apply the patch manually using the versions listed above. We strongly recommend planning an upgrade to a supported Kubernetes minor version as soon as possible.
Customers using the NEVER_UPDATE policy must also apply the update manually. Given the severity of this CVE, OVHcloud may force-apply the security update if clusters remain unpatched after a notice period.
Identified
We are currently experiencing an ongoing security event affecting our Managed Kubernetes Service. The source of the issue has been identified.
Start time : 22/04/2026 08:15 UTC
Impacted service(s) : Managed Kubernetes Service (MKS) worker nodes.
Customer impact : A recently disclosed security vulnerability may allow a user within a container to gain elevated access on the underlying node.
This issue is limited to individual clusters and does not impact other customers or the managed control plane.
Customers running shared or multi-tenant workloads within the same cluster should consider this issue with higher priority.
Other OVHcloud managed services (MPR, MRS) are patched transparently by OVHcloud, no customer action required.
Root Cause : This incident is caused by a software issue.
Workaround : A temporary mitigation is available to reduce the risk while we prepare a permanent fix.
Instructions are available in our dedicated blog post:
https://blog.ovhcloud.com/copy-fail-cve-2026-31431-how-to-rapidly-protect-ovhcloud-mks-clusters-from-the-linux-kernel-zero-day
Please note that applying this mitigation is optional and remains under your responsibility.
If the vulnerability has already been exploited on your cluster, this mitigation will not remediate any pre-existing compromise
Ongoing actions : Our teams are actively working on a permanent fix.
Updated versions are expected to be available later today.
We will share further details and update instructions as soon as they are ready.
We will keep you informed of any progress.
Thank you for your understanding.
Start time : 22/04/2026 08:15 UTC
Impacted service(s) : Managed Kubernetes Service (MKS) worker nodes.
Customer impact : A recently disclosed security vulnerability may allow a user within a container to gain elevated access on the underlying node.
This issue is limited to individual clusters and does not impact other customers or the managed control plane.
Customers running shared or multi-tenant workloads within the same cluster should consider this issue with higher priority.
Other OVHcloud managed services (MPR, MRS) are patched transparently by OVHcloud, no customer action required.
Root Cause : This incident is caused by a software issue.
Workaround : A temporary mitigation is available to reduce the risk while we prepare a permanent fix.
Instructions are available in our dedicated blog post:
https://blog.ovhcloud.com/copy-fail-cve-2026-31431-how-to-rapidly-protect-ovhcloud-mks-clusters-from-the-linux-kernel-zero-day
Please note that applying this mitigation is optional and remains under your responsibility.
If the vulnerability has already been exploited on your cluster, this mitigation will not remediate any pre-existing compromise
Ongoing actions : Our teams are actively working on a permanent fix.
Updated versions are expected to be available later today.
We will share further details and update instructions as soon as they are ready.
We will keep you informed of any progress.
Thank you for your understanding.
This incident affected: Containers & Orchestration || Managed Kubernetes Service (AP-SOUTH-MUM, BHS5, EU-WEST-LIM, EU-SOUTH-MIL, EU-WEST-PAR, RBX, GRA5, GRA7, GRA9, GRA11, SBG5, SGP1, SYD1, WAW1, UK1, US-EAST-VA, US-WEST-OR).