CVE-2026-32241
Published: 27 March 2026
Description
Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execution on every flannel node in the cluster. The Extension backend's SubnetAddCommand and SubnetRemoveCommand receive attacker-controlled data via stdin (from the `flannel.alpha.coreos.com/backend-data` Node annotation). The content of this annotation is unmarshalled and piped directly to a shell command without checks. Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected. The vulnerability is fixed in version v0.28.2. As a workaround, use Flannel with another backend such as vxlan or wireguard.
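The data path the advisory describes, as an added illustration in Go (this is not Flannel's own code and not its fix): a Node annotation value is unmarshalled from JSON into a string and written to the stdin of `sh -c <SubnetAddCommand>`. The `runSubnetCommandChecked` variant refuses to spawn the shell unless the string passes an allowlist. The allowlist, the function names, the sample annotation values and the stand-in script are all assumptions made for this example; how a given SubnetAddCommand turns a hostile string into executed commands depends on that operator-written script, which the advisory does not show.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"regexp"
	"strings"
)

// BackendDataAnnotation is the Node annotation named in the advisory.
const BackendDataAnnotation = "flannel.alpha.coreos.com/backend-data"

// sampleAnnotations are constructed values for that annotation, not
// captured from a real cluster. For the Extension backend the value is a
// JSON string; the benign one is shaped like a WireGuard public key.
var sampleAnnotations = map[string]string{
	"benign":    `"HIgo9xNzJMWLKASShiTqIybxZ8U3gfKCu4cIiBOz4z8="`,
	"metachars": `"x; id #"`,
	"multiline": `"key\nid"`,
}

// decodeBackendData mirrors the unmarshal step the advisory describes:
// the annotation value is JSON that must decode to a single string.
func decodeBackendData(annotation string) (string, error) {
	var data string
	if err := json.Unmarshal([]byte(annotation), &data); err != nil {
		return "", fmt.Errorf("%s is not a JSON string: %w", BackendDataAnnotation, err)
	}
	return data, nil
}

// safeBackendData is a hypothetical allowlist chosen for this example:
// one token of base64-style characters, no whitespace or newlines,
// no shell metacharacters, bounded length.
var safeBackendData = regexp.MustCompile(`^[A-Za-z0-9+/=._:-]{1,256}$`)

// validateBackendData rejects anything outside the allowlist.
func validateBackendData(data string) error {
	if !safeBackendData.MatchString(data) {
		return errors.New("backend-data rejected: characters outside the allowlist")
	}
	return nil
}

// runSubnetCommandUnchecked is the vulnerable shape from the advisory:
// whatever the annotation decoded to goes to `sh -c <script>` on stdin
// with no check at all. env carries SUBNET and PUBLIC_IP the way the
// Extension backend exports them; the parent environment is kept so the
// shell still has a PATH in this example.
func runSubnetCommandUnchecked(script, data string, env []string) (string, error) {
	cmd := exec.Command("sh", "-c", script)
	cmd.Env = append(os.Environ(), env...)
	cmd.Stdin = strings.NewReader(data + "\n")
	out, err := cmd.CombinedOutput()
	return string(out), err
}

// runSubnetCommandChecked is the hardened shape: the untrusted string
// must pass the allowlist before any shell process exists.
func runSubnetCommandChecked(script, data string, env []string) (string, error) {
	if err := validateBackendData(data); err != nil {
		return "", err
	}
	return runSubnetCommandUnchecked(script, data, env)
}

// screenAnnotation decodes and validates an annotation value and returns
// the string that may be handed to the script.
func screenAnnotation(annotation string) (string, error) {
	data, err := decodeBackendData(annotation)
	if err != nil {
		return "", err
	}
	if err := validateBackendData(data); err != nil {
		return "", err
	}
	return data, nil
}

func main() {
	// Stand-in SubnetAddCommand for this example: an Extension script
	// reads the per-node value from stdin and then uses it.
	script := `read PUBLIC_KEY; echo "peer=$PUBLIC_KEY subnet=$SUBNET public_ip=$PUBLIC_IP"`
	env := []string{"SUBNET=10.244.1.0/24", "PUBLIC_IP=192.0.2.10"}
	for _, name := range []string{"benign", "metachars", "multiline"} {
		data, err := screenAnnotation(sampleAnnotations[name])
		if err != nil {
			fmt.Printf("%-9s rejected before any shell ran: %v\n", name, err)
			continue
		}
		out, err := runSubnetCommandChecked(script, data, env)
		fmt.Printf("%-9s ran: %s (err=%v)\n", name, strings.TrimSpace(out), err)
	}
}
```

Run it with `go run` to see the benign key reach the stand-in script while the other two samples are rejected before any shell starts. The check is coarse on purpose: flannel cannot know what the operator's script does with its stdin, so the only place to constrain the value is before the shell is spawned, and an allowlist tight enough for the data the extension actually expects (here a base64 key) is safer than trying to strip shell metacharacters out of arbitrary input.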
Mitigating Controls (NIST 800-53 r5)
- Directly prevents command injection by requiring validation of attacker-controlled Node annotation data before it is processed or piped to shell commands in Flannel's Extension backend.
- Remediates the specific command injection flaw by requiring timely patching of Flannel to version 0.28.2 or later.
- Mitigates exploitation by restricting Flannel to least functionality, such as prohibiting the experimental Extension backend and using only the unaffected alternatives such as vxlan or wireguard.
Security Summary
CVE-2026-32241 is a command injection vulnerability in the experimental Extension backend of Flannel, an overlay network fabric for Kubernetes. It affects Flannel versions prior to 0.28.2. The Extension backend's SubnetAddCommand and SubnetRemoveCommand consume attacker-controlled data read from the Kubernetes Node annotation `flannel.alpha.coreos.com/backend-data`: the annotation content is unmarshalled and piped on stdin to a shell command without validation, so anyone who can write that annotation controls what the operator-configured script receives. Only the Extension backend is affected; vxlan, wireguard and the other backends are not.
An attacker who can set Kubernetes Node annotations can use this to run arbitrary commands as root on every Flannel node in the cluster. The CVSS v3.1 base score is 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H): the attack is network-reachable and needs only low privileges (a credential permitted to set Node annotations) but is rated high complexity, and it yields full loss of confidentiality, integrity and availability within the same scope. The weakness is CWE-77 (Improper Neutralization of Special Elements used in a Command, i.e. command injection).
The Flannel security advisory (GHSA-vchx-5pr6-ffx2) and release notes for v0.28.2 confirm the issue is fixed in that version. As a workaround, administrators should switch to a different backend such as vxlan or wireguard to avoid using the vulnerable Extension backend entirely.
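A practitioner's check of the two conditions the advisory gives for being affected (the Extension backend in use, and flannel older than v0.28.2), matching the patching and least-functionality controls above and the backend-switch workaround. This is an added example, not tooling from the Flannel project; the net-conf.json samples are constructed, and the fields it reads (`Network`, `Backend.Type`) follow flannel's documented net-conf.json layout. In a live cluster the inputs would be the `net-conf.json` key of the flannel ConfigMap and the image tag of the flannel DaemonSet; the upstream manifest names the ConfigMap `kube-flannel-cfg`, but names vary by distribution, so treat those as assumptions to confirm.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// netConf mirrors the net-conf.json fields this check needs; flannel's
// file carries more (SubnetLen, the backend's own keys) and they are ignored.
type netConf struct {
	Network string `json:"Network"`
	Backend struct {
		Type string `json:"Type"`
	} `json:"Backend"`
}

// sampleNetConfs are constructed net-conf.json documents, not from a real cluster.
var sampleNetConfs = map[string]string{
	"extension": `{"Network":"10.244.0.0/16","Backend":{"Type":"extension","SubnetAddCommand":"read PUBLIC_KEY; wg set flannel-wg peer $PUBLIC_KEY allowed-ips $SUBNET"}}`,
	"vxlan":     `{"Network":"10.244.0.0/16","Backend":{"Type":"vxlan"}}`,
	"wireguard": `{"Network":"10.244.0.0/16","Backend":{"Type":"wireguard"}}`,
}

type semver struct {
	major, minor, patch int
	pre                 bool // true for "-rc1" style pre-release tags
}

// fixedVersion is the release the advisory names as containing the fix.
var fixedVersion = semver{major: 0, minor: 28, patch: 2}

// parseVersion accepts "v0.28.1", "0.28.2" or "v0.28.2-rc1".
func parseVersion(s string) (semver, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	var v semver
	if i := strings.IndexByte(s, '-'); i >= 0 {
		v.pre = true
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return semver{}, fmt.Errorf("version %q is not MAJOR.MINOR.PATCH", s)
	}
	nums := make([]int, 3)
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return semver{}, fmt.Errorf("version component %q: %w", p, err)
		}
		nums[i] = n
	}
	v.major, v.minor, v.patch = nums[0], nums[1], nums[2]
	return v, nil
}

// olderThanFix reports whether v predates fixedVersion. A pre-release of
// the fix version is treated as older, which is the conservative reading.
func olderThanFix(v semver) bool {
	if v.major != fixedVersion.major {
		return v.major < fixedVersion.major
	}
	if v.minor != fixedVersion.minor {
		return v.minor < fixedVersion.minor
	}
	if v.patch != fixedVersion.patch {
		return v.patch < fixedVersion.patch
	}
	return v.pre
}

// Exposure is the verdict for one deployment.
type Exposure struct {
	BackendType string
	Vulnerable  bool
	Reason      string
}

// assessExposure applies the advisory's two conditions: the Extension
// backend is configured, and flannel is older than v0.28.2.
func assessExposure(netConfJSON, version string) (Exposure, error) {
	var nc netConf
	if err := json.Unmarshal([]byte(netConfJSON), &nc); err != nil {
		return Exposure{}, fmt.Errorf("net-conf.json: %w", err)
	}
	v, err := parseVersion(version)
	if err != nil {
		return Exposure{}, err
	}
	bt := strings.ToLower(nc.Backend.Type)
	switch {
	case bt != "extension":
		return Exposure{bt, false, "not the Extension backend; CVE-2026-32241 does not apply"}, nil
	case !olderThanFix(v):
		return Exposure{bt, false, "Extension backend, but flannel is at or past v0.28.2"}, nil
	default:
		return Exposure{bt, true, "Extension backend on flannel older than v0.28.2: patch or switch backend"}, nil
	}
}

func main() {
	for _, name := range []string{"extension", "vxlan", "wireguard"} {
		for _, ver := range []string{"v0.28.1", "v0.28.2"} {
			e, err := assessExposure(sampleNetConfs[name], ver)
			fmt.Printf("%-9s %-8s vulnerable=%-5v %s (err=%v)\n", name, ver, e.Vulnerable, e.Reason, err)
		}
	}
}
```

The backend type is lower-cased before comparison so that a configuration written as `"Extension"` is not missed, and an unparsable version string is reported as an error rather than silently treated as safe.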
Details
- CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))
- Affected Products: Flannel prior to v0.28.2 when configured with the Extension backend; fixed in v0.28.2
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection via Kubernetes Node annotations lets a low-privileged attacker run arbitrary shell commands as root on Flannel nodes, which maps directly to Exploitation for Privilege Escalation (T1068), Command and Scripting Interpreter: Unix Shell (T1059.004) and Escape to Host (T1611).