Description
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.
Published: 2026-03-13
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Lateral movement via unauthorized namespace access
Action: Apply Patch
AI Analysis

Impact

The CTFer.io Monitoring component gathers logs, metrics and traces; a mis‑written NetworkPolicy allowed a malicious actor to pivot from one component to any other Kubernetes namespace. This constitutes an Access Control failure (CWE-284) that directly undermines the expected security‑by‑default posture of the deployment. The vulnerability therefore enables potential lateral movement within the cluster and could expose other services and data to an attacker. (CVE description)

Affected Systems

Affected product: ctfer-io monitoring. Any deployment prior to version 0.2.1 is vulnerable, as the fix is included in 0.2.1. (Vendor: ctfer-io:monitoring)

Risk and Exploitability

The CVSS score of 7.1 classifies the risk as High. The EPSS score of less than 1% indicates a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to gain network access to the monitoring component; from there the flawed NetworkPolicy permits pivoting across namespaces. (SCORES)

Generated by OpenCVE AI on March 19, 2026 at 16:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ctfer-io monitoring to version 0.2.1 or later (reference: https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x)

Generated by OpenCVE AI on March 19, 2026 at 16:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-7x23-j8gv-v54x github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
History

Mon, 16 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Ctfer-io
Ctfer-io monitoring
Vendors & Products Ctfer-io
Ctfer-io monitoring

Fri, 13 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
Description The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.
Title Improper Access Control in github.com/ctfer-io/monitoring
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Ctfer-io Monitoring
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T16:42:54.043Z

Reserved: 2026-03-13T15:02:00.625Z

Link: CVE-2026-32720

cve-icon Vulnrichment

Updated: 2026-03-16T16:42:49.212Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:19:43.030

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-32720

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T13:39:14Z

Weaknesses