{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32769", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T18:53:03.534Z", "datePublished": "2026-03-20T00:18:55.991Z", "dateUpdated": "2026-03-20T00:18:55.991Z"}, "containers": {"cna": {"title": "Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/ctfer-io/fullchain/security/advisories/GHSA-hxm7-9q36-c77f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ctfer-io/fullchain/security/advisories/GHSA-hxm7-9q36-c77f"}, {"name": "https://github.com/ctfer-io/fullchain/commit/dbcb90178bcb07a3f5a1efa4c6350f3a6ce34f51", "tags": ["x_refsource_MISC"], "url": "https://github.com/ctfer-io/fullchain/commit/dbcb90178bcb07a3f5a1efa4c6350f3a6ce34f51"}, {"name": "https://github.com/ctfer-io/fullchain/releases/tag/v0.1.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/ctfer-io/fullchain/releases/tag/v0.1.1"}], "affected": [{"vendor": "ctfer-io", "product": "fullchain", "versions": [{"version": "< 0.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T00:18:55.991Z"}, "descriptions": [{"lang": "en", "value": "Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod out of the origin namespace. The flawed inter-ns NetworkPolicy breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This issue has been fixed in version 0.1.1. To workaround, delete the failing network policy that should be prefixed by inter-ns- in the target namespace."}], "source": {"advisory": "GHSA-hxm7-9q36-c77f", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod out of the origin namespace. The flawed inter-ns NetworkPolicy breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This issue has been fixed in version 0.1.1. To workaround, delete the failing network policy that should be prefixed by inter-ns- in the target namespace."}], "id": "CVE-2026-32769", "lastModified": "2026-03-20T01:15:55.780", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T01:15:55.780", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ctfer-io/fullchain/commit/dbcb90178bcb07a3f5a1efa4c6350f3a6ce34f51"}, {"source": "security-advisories@github.com", "url": "https://github.com/ctfer-io/fullchain/releases/tag/v0.1.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/ctfer-io/fullchain/security/advisories/GHSA-hxm7-9q36-c77f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.1.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "fullchain", "source": "cna", "vendor": "ctfer-io"}, "product": "fullchain", "vendor": "ctfer-io"}], "analysis": {"en": {"generated_at": "2026-03-20T02:21:30.838942+00:00", "value": {"mitigation_remediation": ["Upgrade Fullchain to v0.1.1 or later.", "Delete the inter\u2011ns\u2011 prefixed NetworkPolicy in the affected namespace to revert to the intended network isolation."], "summary": {"action": "Upgrade", "impact": "Unauthorized Namespace Lateral Movement"}, "threat_synthesis": {"affected_systems": "Affected product: ctfer\u2011io:fullchain. All releases older than 0.1.1 are vulnerable. No specific patch version list is provided other than the note that the issue was fixed in 0.1.1.", "description_and_impact": "The vulnerability is caused by a mis\u2011written NetworkPolicy in Fullchain versions prior to 0.1.1. The policy incorrectly permits traffic between Pods in different namespaces, allowing a malicious actor who compromises a Pod in one namespace to reach any Pod in another namespace. This represents an access\u2011control flaw (CWE\u2011284) that can lead to lateral movement within the Kubernetes cluster, potentially exposing sensitive data or further compromising cluster resources.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a medium\u2011to\u2011high severity. EPSS data is unavailable, so the current likelihood of exploitation is unknown, and the vulnerability is not listed in the CISA KEV catalog. Credentialed or successfully compromised application Pods can pivot across namespaces, so the attack vector is cluster\u2011internal and requires initial access to a compromised Pod. The impact is potential unauthorized data exposure and service disruption within the cluster."}}}}, "created": "2026-03-20T08:54:10.021769+00:00", "updated": "2026-03-20T10:43:36.965232+00:00", "vendors": ["ctfer-io", "ctfer-io$PRODUCT$fullchain"]}