CVE-2026-32737

CVSS v4.0

7.9

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Impact

Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement.

Patch

Removing the

inter-ns

NetworkPolicy patches the vulnerability. If updates are not possible in production environments, we recommend to manually delete it and update as soon as possible.

Workaround

Given your context, delete the failing network policy that should be prefixed by

inter-ns-

in the target namespace.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2026-32737

GHSA-FGM3-Q9R5-43V9

Affected Products

Github.Com/Ctfer-Io/Romeo/Environment/Deploy

CVE-2026-32737

Impact

Patch

Workaround

Weakness Enumeration

Related Identifiers

Affected Products

References · 4