{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32768", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T18:53:03.534Z", "datePublished": "2026-03-20T05:30:07.431Z", "dateUpdated": "2026-03-20T15:58:42.743Z"}, "containers": {"cna": {"title": "Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3qv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3qv"}, {"name": "https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d062b0d79c5", "tags": ["x_refsource_MISC"], "url": "https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d062b0d79c5"}, {"name": "https://github.com/ctfer-io/chall-manager/releases/tag/v0.6.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/ctfer-io/chall-manager/releases/tag/v0.6.5"}], "affected": [{"vendor": "ctfer-io", "product": "chall-manager", "versions": [{"version": "< 0.6.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T05:30:07.431Z"}, "descriptions": [{"lang": "en", "value": "Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5."}], "source": {"advisory": "GHSA-mw24-f3xh-j3qv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T15:56:49.479890Z", "id": "CVE-2026-32768", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T15:58:42.743Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32768", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T15:56:49.479890Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T15:58:37.611Z"}}], "cna": {"title": "Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace", "source": {"advisory": "GHSA-mw24-f3xh-j3qv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "ctfer-io", "product": "chall-manager", "versions": [{"status": "affected", "version": "< 0.6.5"}]}], "references": [{"url": "https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3qv", "name": "https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3qv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d062b0d79c5", "name": "https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d062b0d79c5", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ctfer-io/chall-manager/releases/tag/v0.6.5", "name": "https://github.com/ctfer-io/chall-manager/releases/tag/v0.6.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T05:30:07.431Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32768", "state": "PUBLISHED", "dateUpdated": "2026-03-20T15:58:42.743Z", "dateReserved": "2026-03-13T18:53:03.534Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T05:30:07.431Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ctfer-io:chall-manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4731728D-BB33-4EB3-9223-C3C096ABF019", "versionEndExcluding": "0.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5."}, {"lang": "es", "value": "Chall-Manager es un sistema agn\u00f3stico de plataforma capaz de iniciar Desaf\u00edos bajo demanda de un jugador. En versiones anteriores a la 0.6.5, debido a una NetworkPolicy mal escrita, un actor malicioso puede pivotar desde una instancia a cualquier Pod fuera del espacio de nombres de origen. Esto rompe la propiedad de seguridad por defecto esperada como parte del programa de despliegue, lo que lleva a un movimiento lateral potencial. En el caso espec\u00edfico de SDK/kubernetes.Kompose, no a\u00edsla las instancias. Este problema ha sido solucionado en la versi\u00f3n 0.6.5."}], "id": "CVE-2026-32768", "lastModified": "2026-04-08T20:49:11.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T06:16:09.937", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d062b0d79c5"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ctfer-io/chall-manager/releases/tag/v0.6.5"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3qv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.6.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "chall-manager", "source": "cna", "vendor": "ctfer-io"}, "product": "chall-manager", "vendor": "ctfer-io"}], "analysis": {"en": {"generated_at": "2026-04-08T23:08:25.315643+00:00", "value": {"mitigation_remediation": ["Upgrade Chall\u2011Manager to version 0.6.5 or later", "Verify that the Kubernetes NetworkPolicy correctly isolates pods within each namespace", "Validate cluster permissions to ensure only authorized workloads can access the Chall\u2011Manager service"], "summary": {"action": "Patch Now", "impact": "Unauthorized lateral movement across Kubernetes namespaces"}, "threat_synthesis": {"affected_systems": "The vulnerability affects ctfer\u2011io Chall\u2011Manager, specifically all deployments running a version earlier than 0.6.5. Any instance of this platform subject to the default NetworkPolicy configuration is susceptible.", "description_and_impact": "A misconfigured NetworkPolicy in Chall\u2011Manager versions before 0.6.5 allows an attacker that can access an instance pod to reach any pod outside the originating namespace. This violation of security\u2011by\u2011default isolation can enable lateral movement, potentially granting access to sensitive data or services within the cluster. The vulnerability is an improper authorization weakness (CWE\u2011284).", "risk_and_exploitability": "The CVSS score of 7.9 indicates high severity, yet the EPSS score of less than 1% suggests low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require presence within the same Kubernetes cluster and ability to run or interact with a Chall\u2011Manager instance; once achieved, the attacker can pivot to other pods due to the broken namespace isolation."}}}}, "created": "2026-03-20T08:52:27.689194+00:00", "updated": "2026-04-09T08:29:40.859030+00:00", "vendors": ["ctfer-io", "ctfer-io$PRODUCT$chall-manager"]}