CVE-2026-32769

HIGH EPSS 39.1%
Published Mar 20, 2026 · Modified Jun 17, 2026
7.1 CVSS 4.0
High

Description

Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a miswritten NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod outside the origin namespace. The flawed inter-ns NetworkPolicy breaks the security-by-default property expected as part of the deployment program, allowing potential lateral movement. This issue has been fixed in version 0.1.1. As a workaround, delete the failing network policy, which should be prefixed by inter-ns-, in the target namespace.

CVSS Details

Base Score
7.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
39.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-284

Affected Products 1

Vendor  Product    Version  Range
ctfer   fullchain  *        <0.1.1

References 3

  • github.com https://github.com/ctfer-io/fullchain/commit/dbcb90178bcb07a3f5a1efa4c6350f3a6ce34f51
    Patch
  • github.com https://github.com/ctfer-io/fullchain/releases/tag/v0.1.1
    Release Notes
  • github.com https://github.com/ctfer-io/fullchain/security/advisories/GHSA-hxm7-9q36-c77f
    Exploit, Vendor Advisory

Remediation

  • github.com https://github.com/ctfer-io/fullchain/commit/dbcb90178bcb07a3f5a1efa4c6350f3a6ce34f51
    Patch