Critical severity9.8NVD Advisory· Published Mar 20, 2026· Updated Apr 16, 2026
CVE-2026-32769
CVE-2026-32769
Description
Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod out of the origin namespace. The flawed inter-ns NetworkPolicy breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This issue has been fixed in version 0.1.1. To workaround, delete the failing network policy that should be prefixed by inter-ns- in the target namespace.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ctfer-io/fullchainGo | < 0.1.1 | 0.1.1 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/ctfer-io/fullchainpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 0.1.1+ 1 more
- (no CPE)range: < 0.1.1
- (no CPE)range: < 0.0.20260326T203309-150000.1.155.2
Patches
Vulnerability mechanics
References
5- github.com/ctfer-io/fullchain/commit/dbcb90178bcb07a3f5a1efa4c6350f3a6ce34f51nvdPatchWEB
- github.com/ctfer-io/fullchain/security/advisories/GHSA-hxm7-9q36-c77fnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-hxm7-9q36-c77fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-32769ghsaADVISORY
- github.com/ctfer-io/fullchain/releases/tag/v0.1.1nvdRelease NotesWEB
News mentions
0No linked articles in our index yet.