CVE-2026-32737P2HIGH≥ 0, < 0.2.12026-03-16
CVE-2026-32737 [HIGH] CWE-284 Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
### Impact
Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it.
This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement.
### Patch
Removing the `inter-ns`
ghsaosv