CVE-2026-32720
Published 2026-03-16
Priority: P3 (37) | Severity: high | CVSS 4.0: 7.1
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.26% (17.4th percentile)
The CTFer.io Monitoring component is in charge of the collection, processing and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to potential lateral movement. This vulnerability is fixed in 0.2.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ctfer-io | monitoring | < 0.2.1 | 0.2.1 |
| github.com | ctfer-io_monitoring | >= 0 < 0.2.1 | 0.2.1 |
OSV
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
osv·2026-03-26
CVE-2026-32720 github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
OSV
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
osv·2026-03-13
CVE-2026-32720 [HIGH] github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
### Impact
Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace.
This breaks the security-by-default property expected as part of the deployment program, leading to potential lateral movement.
### Patch
Removing the `inter-ns` NetworkPolicy patches the vulnerability. If updates are not possible in production environments, we recommend manually deleting it and updating as soon as possible.
### Workaround
Given your context, delete the failing network policy that should be prefixed by `inter-ns-` in the monitoring namespace.
You can use the following to delete all matching network policies. If unsure of the outcome, please do it manually.
```bash
for ns in $(kubectl g
```
GHSA
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
ghsa·2026-03-13
CVE-2026-32720 [HIGH] CWE-284 github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
No detection rules found.
No public exploits indexed.