{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32720", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T15:02:00.625Z", "datePublished": "2026-03-13T21:27:52.824Z", "dateUpdated": "2026-03-16T16:42:54.043Z"}, "containers": {"cna": {"title": "Improper Access Control in github.com/ctfer-io/monitoring", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x"}], "affected": [{"vendor": "ctfer-io", "product": "monitoring", "versions": [{"version": "< 0.2.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T21:27:52.824Z"}, "descriptions": [{"lang": "en", "value": "The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1."}], "source": {"advisory": "GHSA-7x23-j8gv-v54x", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T16:42:45.494032Z", "id": "CVE-2026-32720", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T16:42:54.043Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32720", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T16:42:45.494032Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T16:42:49.212Z"}}], "cna": {"title": "Improper Access Control in github.com/ctfer-io/monitoring", "source": {"advisory": "GHSA-7x23-j8gv-v54x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "ctfer-io", "product": "monitoring", "versions": [{"status": "affected", "version": "< 0.2.1"}]}], "references": [{"url": "https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x", "name": "https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T21:27:52.824Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32720", "state": "PUBLISHED", "dateUpdated": "2026-03-16T16:42:54.043Z", "dateReserved": "2026-03-13T15:02:00.625Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T21:27:52.824Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1."}, {"lang": "es", "value": "El componente de monitoreo de CTFer.io se encarga de la recolecci\u00f3n, procesamiento y almacenamiento de varias se\u00f1ales (es decir, registros, m\u00e9tricas y trazas distribuidas). Antes de 0.2.1, debido a una NetworkPolicy mal escrita, un actor malicioso puede pivotar desde un componente a cualquier otro espacio de nombres. Esto rompe la propiedad de seguridad por defecto esperada como parte del programa de despliegue, lo que lleva a un movimiento lateral potencial. Esta vulnerabilidad est\u00e1 corregida en 0.2.1."}], "id": "CVE-2026-32720", "lastModified": "2026-04-16T14:47:16.733", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:43.030", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.2.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "monitoring", "source": "cna", "vendor": "ctfer-io"}, "product": "monitoring", "vendor": "ctfer-io"}], "analysis": {"en": {"generated_at": "2026-03-19T16:06:25.828391+00:00", "value": {"mitigation_remediation": ["Upgrade ctfer-io monitoring to version 0.2.1 or later (reference: https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x)"], "summary": {"action": "Apply Patch", "impact": "Lateral movement via unauthorized namespace access"}, "threat_synthesis": {"affected_systems": "Affected product: ctfer-io monitoring. Any deployment prior to version 0.2.1 is vulnerable, as the fix is included in 0.2.1. (Vendor: ctfer-io:monitoring)", "description_and_impact": "The CTFer.io Monitoring component gathers logs, metrics and traces; a mis\u2011written NetworkPolicy allowed a malicious actor to pivot from one component to any other Kubernetes namespace. This constitutes an Access Control failure (CWE-284) that directly undermines the expected security\u2011by\u2011default posture of the deployment. The vulnerability therefore enables potential lateral movement within the cluster and could expose other services and data to an attacker. (CVE description)", "risk_and_exploitability": "The CVSS score of 7.1 classifies the risk as High. The EPSS score of less than 1% indicates a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to gain network access to the monitoring component; from there the flawed NetworkPolicy permits pivoting across namespaces. (SCORES)"}}}}, "created": "2026-03-16T09:22:33.552669+00:00", "updated": "2026-03-23T13:39:14.771157+00:00", "vendors": ["ctfer-io", "ctfer-io$PRODUCT$monitoring"]}