Skip to main content

Rancher Local Path Provisioner CVE-2026-44543

| EUVDEUVD-2026-32954 HIGH
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)
2026-05-11 https://github.com/rancher/local-path-provisioner GHSA-7fxv-8wr2-mfc4
8.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.7 HIGH
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
May 11, 2026 - 16:47 vuln.today
Analysis Generated
May 11, 2026 - 16:47 vuln.today
CVE Published
May 11, 2026 - 16:15 nvd
HIGH 8.7

DescriptionGitHub Advisory

Impact

A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner.

The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC provisioning and cleanup operations. However, the template is not sufficiently validated before use. Security-sensitive fields such as securityContext.privileged, hostPath volumes, and Linux capabilities can be injected into the template.

Example malicious HelperPod template:

~~~yaml apiVersion: v1 kind: Pod metadata: name: helper-pod spec: containers:

  • name: helper-pod

image: docker.io/kindest/local-path-helper:v20230510-486859a6 imagePullPolicy: IfNotPresent securityContext: privileged: true volumeMounts:

  • name: host-root

mountPath: /host volumes:

  • name: host-root

hostPath: path: / type: Directory ~~~

When a PVC operation triggers HelperPod creation, the provisioner creates the HelperPod using the attacker-controlled template. This can result in a privileged pod running on the target node with the host root filesystem mounted.

This may allow the attacker to access sensitive host files, read ServiceAccount tokens from other pods on the same node, access other tenants' local-path volume data, or modify files on the host node.

Expected Behavior:

  • The HelperPod template should not allow privileged containers.
  • The HelperPod template should not allow arbitrary hostPath mounts.
  • Security-sensitive fields in helperPod.yaml should be validated or rejected before the provisioner creates HelperPods.

Patches

This vulnerability is addressed by validating the HelperPod template loaded from the local-path-config ConfigMap before it is used to create HelperPods.

The fix ensures that unsafe fields such as privileged security contexts, hostPath volumes, and other dangerous pod security settings are rejected. This prevents an attacker with ConfigMap edit permission from injecting a malicious HelperPod template that grants access to the host node.

Previously, a malicious user could modify helperPod.yaml to cause the provisioner to create a privileged HelperPod with the host root filesystem mounted, potentially leading to node-level compromise and ServiceAccount token theft.

With this fix, HelperPod templates containing unsafe security-sensitive fields are denied, and only safe HelperPod configurations are accepted.

Patched versions of local-path-provisioner include releases v0.0.34 and later.

No patches are provided for earlier releases, as they do not include the necessary HelperPod template validation logic.

Workarounds

Users should upgrade to a patched version of local-path-provisioner to fully mitigate this vulnerability.

As a temporary mitigation, users can restrict write access to the local-path-config ConfigMap in the local-path-storage namespace. Only trusted administrators should be allowed to update this ConfigMap.

Users may also mark the ConfigMap as immutable after deployment:

~~~bash kubectl -n local-path-storage patch configmap local-path-config \ --type merge -p '{"immutable": true}' ~~~

Additionally, enabling Kubernetes Pod Security Admission for the local-path-storage namespace can provide defense in depth. For example, enforcing the baseline policy can prevent privileged HelperPods from being created even if the template is modified:

~~~bash kubectl label namespace local-path-storage \ pod-security.kubernetes.io/enforce=baseline \ pod-security.kubernetes.io/warn=restricted ~~~

These mitigations reduce the risk of exploitation, but upgrading to a patched release is required to fully address the issue.

References

If you have any questions or comments about this advisory:

AnalysisAI

Template injection in Rancher Local Path Provisioner allows Kubernetes cluster operators with ConfigMap edit permissions to escalate privileges to node-level root access. Attackers with write access to the local-path-config ConfigMap can inject malicious Pod templates that bypass security controls, creating privileged containers with full host filesystem access. This enables theft of ServiceAccount tokens from co-located pods, access to other tenants' persistent volume data, and arbitrary modification of host node files. Vendor-released patch: v0.0.36. CVSS 8.7 (High) reflects the high-privilege prerequisite (PR:H) but scope change to container escape (S:C). No public exploit identified at time of analysis, though exploitation is straightforward for authenticated cluster operators.

Technical ContextAI

The Local Path Provisioner is a Kubernetes storage provisioner (pkg:go/github.com_rancher_local-path-provisioner) that creates PersistentVolumes on cluster nodes using local storage. It uses HelperPods-short-lived containers-to perform volume setup and cleanup operations. The provisioner reads a YAML template from the local-path-config ConfigMap to define HelperPod specifications. CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine) applies because the provisioner performs insufficient validation on this user-controlled template before passing it to the Kubernetes API. Security-critical Kubernetes Pod fields like securityContext.privileged (runs container as root with full kernel capabilities), hostPath volumes (mounts arbitrary host directories), and Linux capabilities are not sanitized. This is a Server-Side Template Injection (SSTI) variant in a Kubernetes-native context, where the template engine is the Kubernetes Pod creation API itself.

RemediationAI

Upgrade to Rancher Local Path Provisioner v0.0.36 or later, which implements validation to reject HelperPod templates containing privileged security contexts, hostPath volumes, and other unsafe Pod security fields. Apply the upgrade per standard Kubernetes operator upgrade procedures, typically via Helm chart update or manifest redeployment. No patches are available for earlier releases-validation logic does not exist in prior versions, requiring upgrade to v0.0.36+. Temporary workarounds pending upgrade: (1) Restrict RBAC to prevent untrusted users from editing the local-path-config ConfigMap-only cluster administrators should have ConfigMap write permissions in local-path-storage namespace. (2) Mark the ConfigMap immutable post-deployment using kubectl patch to prevent runtime modifications (trade-off: blocks legitimate configuration updates until immutability removed). (3) Enable Pod Security Admission for local-path-storage namespace with baseline or restricted policy enforcement to block privileged pod creation even if template is modified (trade-off: may require policy tuning to avoid blocking legitimate HelperPods in older provisioner versions). Defense-in-depth approach: combine RBAC tightening with Pod Security Standards enforcement while planning upgrade. Advisory URLs: https://github.com/rancher/local-path-provisioner/security/advisories/GHSA-7fxv-8wr2-mfc4 and https://github.com/advisories/GHSA-7fxv-8wr2-mfc4

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-44543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy