CVE-2026-22872

Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0

Description The Capsule Controller runs with cluster-admin privileges. A flaw exists in the HandleSection() function within the internal/controllers/resources/processor.go file, where the processing logic for TenantResource RawItems fails to properly validate resource scopes. While the controller attempts to set a namespace using obj.SetNamespace(), this action is ignored by the Kubernetes API for cluster-scoped resources. Consequently, users with Tenant Owner privileges can leverage the controller's elevated permissions to create cluster-scoped resources, such as ClusterRole and ValidatingWebhookConfiguration, which they are not authorized to create directly. This can lead to cross-tenant privilege escalation, cluster-level attacks, theft of sensitive data from all tenants via malicious webhooks, or cluster-wide denial of service.

Recommendations Update to version 0.13.0. As a temporary workaround, restrict the permissions of the Capsule Controller's ServiceAccount to remove cluster-admin privileges if not strictly required.