CVE-2026-30963

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

CVE-2026-22872

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

CVE-2026-30963

Capsule (a Kubernetes multi-tenancy framework) relied on a webhook to validate namespace updates, but prior to v0.13.0 it did not intercept namespace/status or namespace/finalize subresource changes. This omission enables a tenant with permission to modify those subresources to hijack other names...

CVE-2026-30963 Capsule Namespace Hijacking via subresource

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

EUVD-2026-33739

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

EUVD-2026-33729

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

CVE-2026-22872 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

CVE-2026-22872

CVE-2026-22872 affects Capsule, a Kubernetes multi-tenant framework. The Capsule Controller runs with cluster-admin privileges. The vulnerability lies in TenantResource RawItems processing: the code sets the namespace on deserialized objects, but this is ignored for cluster-scoped resources, allo...

CVE-2026-22872 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

Capsule Input Validation Vulnerability

Capsule is an open-source Kubernetes framework developed by Project Capsule. Versions of Capsule prior to 0.13.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from rules for intercepting sub-resources named namespace/finalize and namespace/status that we...

Capsule security vulnerabilities

Capsule is an open-source Kubernetes framework developed by Project Capsule. Versions prior to Capsule 0.13.0 have security vulnerabilities. These vulnerabilities stem from the processing of TenantResource RawItems, which does not set namespaces for cluster-wide resources. This could allow tenant...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by dodoh4t in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.25...

Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability Summary The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Tenant administrators can...

GHSA-QJJM-7J9W-PW72 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability Summary The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Tenant administrators can...

Capsule Namespace Hijacking via subresource

Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...

CVE-2026-22872

creationtimestamp| type| source ---|---|--- 2026-05-28 05:53:43+00:00| published-proof-of-concept| https://github.com/projectcapsule/capsule/security/advisories/GHSA-qjjm-7j9w-pw72...

CVE-2026-30963

creationtimestamp| type| source ---|---|--- 2026-05-28 05:52:44+00:00| published-proof-of-concept| https://github.com/projectcapsule/capsule/security/advisories/GHSA-2ww6-hf35-mfjm...

PT-2026-44721

Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description The Capsule Controller runs with cluster-admin privileges. A flaw exists in the HandleSection function within the internal/controllers/resources/processor.go file, where the processing logic for...

CVE-2026-42760

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...

CVE-2026-42760

CVE-2026-42760 concerns the WordPress plugin “Backup and Staging by WP Time Capsule” (revmakx) where the vulnerability enables an authentication bypass via an alternate path or channel, enabling password-recovery exploitation. Affected: wp-time-capsule plugin versions from n/a up to and including...