vulnerability-research

Vulnerability Research & Responsible Disclosure Shivam Paji...

SUSE CVE-2026-0397

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVE-2026-0397

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVE-2026-0397

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVE-2026-32768

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as...

CVE-2026-32720

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to a misconfigured NetworkPolicy. An attacker can gain unauthorized access to resources in other namespaces by exploiting the flawed policy configuration, allowing lateral movement across the cluster. Workaroun...

GHSA-439W-V2P7-PGGC Juju has unauthorized access to out-of-scope Kubernetes secrets

Summary Grantee is able to update secret content using the secret-set tool due to broad Kubernetes access policy. Implications are that it is possible, knowing a Kubernetes secret identifier e.g. name, to patch without affecting the secret, revealing the value, or, patching while affecting the...

GHSA-MW24-F3XH-J3QV Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of...

PT-2026-25861

Name of the Vulnerable Software and Affected Versions Fullchain versions prior to 0.1.1 Description Fullchain is a platform for deploying CTF Capture The Flag environments. A misconfigured NetworkPolicy allows a malicious actor to move laterally from a compromised application to any Pod in a...

CVE-2026-32720

The CVE affects the github.com/ctfer-io/monitoring component. Root cause: a mis-written NetworkPolicy allowed a malicious actor to pivot from one component to another namespace, breaking security-by-default and enabling lateral movement. The vulnerability exists prior to version 0.2.1 and is addr...

GHSA-7X23-J8GV-V54X github.com/ctfer-io/monitoring Vulnerable to Improper Access Control

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy patches the...

github.com/ctfer-io/monitoring Vulnerable to Improper Access Control

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy patches the...

GHSA-38PP-6GCP-RQVM Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Impact CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset sectio...

CVE-2025-66360

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service Redis information to li-admin users. This can lead to privilege escalation...

The vulnerability of the WAGO Device Manager software in terms of configuration and parameter setting allows a malicious individual to gain unauthorized access to the file system. This vulnerability is related to errors in configuring CORS policies.

The vulnerability of the WAGO Device Manager software for configuring and parameterizing controllers is related to errors in configuring CORS policies. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the file system by sending specially crafted requests...

Case Study: The Cookie Privacy Monster in Big Global Retail

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn't anything malicious, but with modern web environments being so complex, mistakes can happen, and...