VYPR
Critical severity9.9NVD Advisory· Published Mar 20, 2026· Updated Apr 8, 2026

CVE-2026-32768

CVE-2026-32768

Description

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in version 0.6.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/ctfer-io/chall-manager/deployGo
< 0.6.50.6.5
github.com/ctfer-io/chall-manager/sdkGo
< 0.6.50.6.5

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.