CVE-2026-32720
HIGH
GHSA-7x23-j8gv-v54x
Lifecycle Timeline
4Description
### Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. ### Patch Removing the `inter-ns` NetworkPolicy patches the vulnerability. If updates are not possible in production environments, we recommend to manually delete it and update as soon as possible. ### Workaround Given your context, delete the failing network policy that should be prefixed by `inter-ns-` in the monitoring namespace. You can use the following to delete all matching network policy. If unsure of the outcome, please do it manually. ```bash for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' | tr ' ' '\n' | grep '^monitoring-'); do kubectl -n "$ns" get networkpolicy -o name \ | grep '^networkpolicy.networking.k8s.io/inter-ns-' \ | xargs -r kubectl -n "$ns" delete done ```
Analysis
A misconfigured NetworkPolicy in Kubernetes deployments allows attackers to perform unauthorized lateral movement between namespaces, breaking namespace isolation security boundaries. This vulnerability affects Kubernetes environments with improperly configured inter-namespace NetworkPolicies, specifically those with 'inter-ns' prefixed policies in monitoring namespaces. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and document all Kubernetes clusters using the affected inter-ns NetworkPolicy; assess current namespace isolation and data sensitivity. Within 7 days: Apply the vendor patch to all production and non-production environments, or execute the provided kubectl command to manually delete the inter-ns NetworkPolicy from all monitoring namespaces. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today