Skip to main content

Suse CVE-2026-32737

CRITICAL
Improper Access Control (CWE-284)
2026-03-16 https://github.com/ctfer-io/romeo GHSA-fgm3-q9r5-43v9
Critical
Disputed · 10.0 NVD
Share

Severity by source

Sources disagree (Low–Critical)
GitHub Advisory PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SUSE
3.1 LOW
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 16, 2026 - 20:56 vuln.today
Patch released
Mar 16, 2026 - 20:56 nvd
Patch available
CVE Published
Mar 16, 2026 - 20:45 nvd
CRITICAL 10.0

DescriptionGitHub Advisory

Impact

Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement.

Patch

Removing the inter-ns NetworkPolicy patches the vulnerability. If updates are not possible in production environments, we recommend to manually delete it and update as soon as possible.

Workaround

Given your context, delete the failing network policy that should be prefixed by inter-ns- in the target namespace.

AnalysisAI

CVE-2026-32737 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Technical ContextAI

CWE-284 (Improper Access Control). CVSS 10.0 indicates critical severity with likely remote exploitation vector.

RemediationAI

Apply the vendor-supplied patch immediately.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-32737 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy