CVE-2026-32769

Description

### Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. ### Patch Removing the `inter-ns` NetworkPolicy patches the vulnerability. If updates are not possible in production environments, we recommend to manually delete it and update as soon as possible. ### Workaround Given your context, delete the failing network policy that should be prefixed by `inter-ns-` in the target namespace. You can use the following to delete all matching network policy. If unsure of the outcome, please do it manually. ```bash for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' | tr ' ' '\n' | grep '^ns-'); do kubectl -n "$ns" get networkpolicy -o name \ | grep '^networkpolicy.networking.k8s.io/inter-ns-' \ | xargs -r kubectl -n "$ns" delete done ```

Priority Score