Google kCTF is a Kubernetes-based CTF competition infrastructure from Google (Google). kCTF v1.6.0 prior to the release of Google kCTF has an access control error vulnerability, which stems from the existence of improper access control in the kctf cluster, which can be exploited by attackers to compromise the kctf ip source range settings.