Vulnerability Description
Chall-Manager is a platform-agnostic system able to start Challenges on Demand for a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod outside the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to potential lateral movement. In the specific case of sdk/kubernetes.Kompose, the instances are not isolated. This issue has been fixed in version 0.6.5.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ctfer-Io | Chall-Manager | < 0.6.5 |
Related Weaknesses (CWE)
References
- https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d0 (Patch)
- https://github.com/ctfer-io/chall-manager/releases/tag/v0.6.5 (Release Notes)
- https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3q (Mitigation, Vendor Advisory)
FAQ
What is CVE-2026-32768?
CVE-2026-32768 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Chall-Manager is a platform-agnostic system able to start Challenges on Demand for a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance ...
How severe is CVE-2026-32768?
CVE-2026-32768 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-32768?
Check the references section above for vendor advisories and patch information. Affected products include: Ctfer-Io Chall-Manager.