CVE

CVE-2026-32737

Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

CVE

CVE-2026-32737

Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

Impact

Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it.

This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement.

Patch

Removing the inter-ns NetworkPolicy patches the vulnerability. If updates are not possible in production environments, we recommend to manually delete it and update as soon as possible.

Workaround

Given your context, delete the failing network policy that should be prefixed by inter-ns- in the target namespace.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.9

4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Related Resources

No items found.

References

https://github.com/ctfer-io/romeo/security/advisories/GHSA-fgm3-q9r5-43v9, https://nvd.nist.gov/vuln/detail/CVE-2026-32737, https://github.com/ctfer-io/romeo/commit/3bb5e9d9ce1199dfbb90fef8ad79ebdeb0bc5e78, https://github.com/ctfer-io/romeo

Severity

10

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

0.00017%

EPSS Percentile

0.04141%

Introduced Version

Fix Available

0.2.1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-32737

CVE-2026-32737

Impact

Patch

Workaround

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

10

Basic Information

Fix Critical Vulnerabilities Instantly