Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execution on every flannel node in the cluster. The Extension backend's SubnetAddCommand and SubnetRemoveCommand receive attacker-controlled data via stdin (from the flannel.alpha.coreos.com/backend-data Node annotation). The content of this annotation is unmarshalled and piped directly to a shell command without checks. Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected. The vulnerability is fixed in version v0.28.2. As a workaround, use Flannel with another backend such as vxlan or wireguard.
AnalysisAI
Command injection in Flannel's experimental Extension backend allows authenticated Kubernetes users with node annotation privileges to execute arbitrary commands as root on all flannel nodes in the cluster. This affects Flannel versions prior to 0.28.2 using the Extension backend; other backends (vxlan, wireguard) are unaffected. No public exploit identified at time of analysis, but CVSS 7.5 reflects high impact once node annotation access is achieved. EPSS data not available for this recent CVE (2026 designation appears to be error; actual 2025 advisory).
Technical ContextAI
Flannel (cpe:2.3:a:flannel-io:flannel) is a CNI network fabric for Kubernetes that provides overlay networking for container clusters. The experimental Extension backend was designed for prototyping new backend implementations. The vulnerability (CWE-77: Command Injection) exists in the SubnetAddCommand and SubnetRemoveCommand handlers, which consume data from the flannel.alpha.coreos.com/backend-data Node annotation via stdin. This attacker-controlled JSON is unmarshalled and passed directly to shell execution without sanitization or validation. The architecture assumes Node annotations are trusted input, but Kubernetes RBAC models allow certain authenticated users to modify node metadata. Production backends like vxlan and wireguard use different code paths that do not involve external command execution from annotation data, making them immune to this specific injection vector.
RemediationAI
Upgrade to Flannel v0.28.2 or later, released by the flannel-io project at https://github.com/flannel-io/flannel/releases/tag/v0.28.2, which removes unsafe shell command execution from the Extension backend's annotation processing logic. Organizations unable to immediately upgrade should migrate to a production-supported backend such as vxlan (recommended for most deployments) or wireguard (for encrypted overlay requirements) by updating the Flannel DaemonSet configuration to specify a different backend type. Verify current backend configuration by inspecting the net-conf.json in the kube-flannel ConfigMap; if 'Type' is set to 'extension', immediate remediation is required. Review Kubernetes RBAC policies to restrict node annotation modification privileges to cluster administrators only, following principle of least privilege. Audit recent node annotation changes via Kubernetes API server logs to identify potential exploitation attempts targeting the flannel.alpha.coreos.com/backend-data annotation key.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16771
GHSA-vchx-5pr6-ffx2