cbcvebase.
CVE-2026-32720
published 2026-03-16

CVE-2026-32720: The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to…

PriorityP337high7.1CVSS 4.0
AVNACLATPPRNUINVCNVINVANSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.26%
17.4th percentile
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.

Affected

2 ranges
VendorProductVersion rangeFixed in
ctfer-iomonitoring< 0.2.10.2.1
github.comctfer-io_monitoring>= 0 < 0.2.10.2.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.