Impact
Local Path Provisioner provides a way for Kubernetes users to use local storage on each node. Prior to release 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by the Local Path Provisioner. The helperPod.yaml template is loaded and used to create HelperPods during PVC provisioning and cleanup, but the template is not sufficiently validated before use. Security-sensitive fields such as securityContext.privileged, hostPath volumes, and Linux capabilities can be injected into the template. When a PVC operation triggers HelperPod creation, the provisioner builds the HelperPod from the attacker-controlled template, potentially launching a privileged pod on the target node that mounts the host's root filesystem. This may allow the attacker to access sensitive host files, read ServiceAccount tokens from other pods on the same node, access other tenants' local-path volume data, or modify files on the host.
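The fields the advisory names can be checked before a helper pod template is accepted. This added example is not code from the Local Path Provisioner project; it operates on a template already parsed into a Python dict (the YAML loading step is omitted) and both sample templates are constructed, with the baseline shape assumed rather than copied from the project.

```python
def audit_helper_pod_template(template):
    """Return the security-sensitive fields found in a helper pod template.

    An empty list means none of the flagged fields are present.
    """
    findings = []
    spec = template.get("spec") or {}

    # hostPath volumes give the helper pod direct access to node files.
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            path = (vol["hostPath"] or {}).get("path", "?")
            findings.append(f"volume {vol.get('name', '?')}: hostPath {path}")

    # Inspect the securityContext of every container and initContainer.
    for kind in ("containers", "initContainers"):
        for c in spec.get(kind) or []:
            name = c.get("name", "?")
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                findings.append(f"{kind}/{name}: securityContext.privileged=true")
            added = (sc.get("capabilities") or {}).get("add") or []
            if added:
                findings.append(f"{kind}/{name}: capabilities.add={sorted(added)}")
    return findings


# Constructed sample (assumed shape): a minimal template with one
# unprivileged container and no volumes of its own.
BASELINE_TEMPLATE = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "helper-pod"},
    "spec": {"containers": [{"name": "helper-pod", "image": "busybox"}]},
}

# Constructed sample of a tampered ConfigMap value carrying the fields
# the advisory names, which the audit should report.
TAMPERED_TEMPLATE = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "helper-pod"},
    "spec": {
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "helper-pod", "image": "busybox",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    },
}

if __name__ == "__main__":
    for label, tpl in (("baseline", BASELINE_TEMPLATE), ("tampered", TAMPERED_TEMPLATE)):
        print(label, audit_helper_pod_template(tpl) or "no findings")
```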
Affected Systems
The vulnerability affects deployments of Rancher Local Path Provisioner prior to version 0.0.36. Any cluster using local-path-provisioner where users are permitted to edit the local-path-config ConfigMap in the local-path-storage namespace is susceptible.
Risk and Exploitability
The CVSS score of 8.7 indicates a high severity risk. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog, suggesting no known public exploitation yet. However, the attack vector is internal: any cluster user with permission to modify the ConfigMap can trigger the exploitation. Successful exploitation results in privileged pod execution, giving the attacker full access to host files and other tenants' data on the same node, and thereby a high-impact privilege escalation within the cluster.