CVE-2026-32241 Overview
CVE-2026-32241 is a command injection vulnerability [CWE-77] in Flannel, a network fabric for containers used in Kubernetes clusters. The flaw exists in the experimental Extension backend in Flannel versions prior to 0.28.2. An attacker who can set Kubernetes Node annotations can achieve root-level arbitrary command execution on every Flannel node in the cluster. The SubnetAddCommand and SubnetRemoveCommand handlers receive attacker-controlled data through the flannel.alpha.coreos.com/backend-data annotation and pipe it directly into a shell. Only deployments using the Extension backend are affected. The vulnerability is fixed in Flannel v0.28.2.
Critical Impact
Authenticated attackers with permission to modify Node annotations can execute arbitrary commands as root across every Flannel node, compromising the entire Kubernetes cluster.
Affected Products
- Flannel versions prior to v0.28.2 when configured with the Extension backend
- Kubernetes clusters relying on Flannel for pod networking with the experimental Extension backend enabled
- Container orchestration environments deploying flannel-io/flannel with custom backend prototyping
Discovery Timeline
- 2026-03-27 - CVE-2026-32241 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-32241
Vulnerability Analysis
Flannel provides container networking for Kubernetes by allocating subnets to each node and managing inter-node traffic. The Extension backend is an experimental component that allows operators to prototype new backend types by invoking external shell commands during subnet lifecycle events. When a node joins or leaves the network, Flannel reads the flannel.alpha.coreos.com/backend-data annotation from the Kubernetes Node object. The Extension backend unmarshals this annotation and forwards its content via stdin to a configured shell command.
The SubnetAddCommand and SubnetRemoveCommand execute without sanitizing or validating the annotation content. Because Flannel runs as a privileged DaemonSet with root permissions on every cluster node, command execution inherits root context. The attack succeeds across every node in the cluster simultaneously, since each Flannel pod processes the same annotation data.
Backends such as vxlan and wireguard do not invoke shell commands with annotation data and remain unaffected. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command).
Root Cause
The root cause is the absence of input validation when passing attacker-controlled annotation data to a shell. Flannel trusts the contents of the flannel.alpha.coreos.com/backend-data annotation as structured backend metadata. The Extension backend pipes this content directly to the shell command configured for SubnetAddCommand and SubnetRemoveCommand, enabling shell metacharacter interpretation and arbitrary command construction.
Attack Vector
The attack requires Kubernetes RBAC permissions to modify Node annotations, either through a compromised service account, a workload with nodes/status patch rights, or an authenticated user with node update privileges. The attacker writes a crafted payload containing shell metacharacters into the flannel.alpha.coreos.com/backend-data annotation on any Node object. When Flannel processes the subnet event, the Extension backend pipes the payload into the configured shell command and executes embedded commands as root. The injected commands run on every Flannel pod across the cluster, providing full cluster compromise from a single annotation write.
No verified exploit code is publicly available. For technical details, refer to the GitHub Security Advisory GHSA-vchx-5pr6-ffx2.
Detection Methods for CVE-2026-32241
Indicators of Compromise
- Unexpected modifications to the flannel.alpha.coreos.com/backend-data annotation on Kubernetes Node objects, especially containing shell metacharacters such as ;, |, &&, $(), or backticks
- Flannel DaemonSet pods spawning unexpected child processes such as sh, bash, curl, wget, or nc
- Outbound network connections from Flannel pods to non-Kubernetes destinations
- Kubernetes audit log entries showing patch or update operations on Node annotations from unusual service accounts or users
Detection Strategies
- Enable Kubernetes audit logging at the Metadata level or higher and alert on annotation changes to Node objects matching flannel.alpha.coreos.com/backend-data
- Deploy admission controllers such as Kyverno or OPA Gatekeeper to reject Node annotation writes that contain shell metacharacters
- Monitor process trees inside Flannel pods for deviation from the expected flanneld process baseline
- Correlate Node annotation patch events with subsequent process executions inside Flannel pods on the same node
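As an added example (not code from this advisory or from the Flannel project), the following Go program applies the audit-log strategy above to a few constructed audit.k8s.io/v1 events: it selects patch and update operations on nodes, extracts the flannel.alpha.coreos.com/backend-data value from the logged request body (a merge patch, a full update, or a JSON patch whose path escapes the "/" in the key as "~1"), and reports the shell metacharacters listed among the indicators. It assumes the audit policy records request bodies for nodes at the Request level or higher; at the Metadata level the body is absent and only the write itself can be alerted on. The principal and node names in the sample are constructed.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// BackendDataAnnotation is the Node annotation the Flannel Extension backend reads.
const BackendDataAnnotation = "flannel.alpha.coreos.com/backend-data"

// Shell metacharacters listed as indicators; legitimate backend-data is
// structured backend metadata and should contain none of them.
var shellMetachars = []string{";", "|", "&&", "$(", "`"}

// auditEvent is the subset of an audit.k8s.io/v1 Event this detection needs.
// requestObject is only recorded at the Request and RequestResponse levels.
type auditEvent struct {
	Verb string `json:"verb"`
	User struct {
		Username string `json:"username"`
	} `json:"user"`
	ObjectRef struct {
		Resource string `json:"resource"`
		Name     string `json:"name"`
	} `json:"objectRef"`
	RequestObject json.RawMessage `json:"requestObject"`
}

// Finding is one write to the backend-data annotation on a Node.
type Finding struct {
	Node, User, Verb string
	Metachars        []string // metacharacters in the new value; empty means it looked clean
}

// SuspiciousMetachars returns the shell metacharacters present in value.
func SuspiciousMetachars(value string) []string {
	var found []string
	for _, m := range shellMetachars {
		if strings.Contains(value, m) {
			found = append(found, m)
		}
	}
	return found
}

// backendDataFrom extracts the annotation value from a logged request body: a
// merge/strategic patch or full update carries metadata.annotations, while a
// JSON patch is an array of ops addressed by RFC 6901 pointer.
func backendDataFrom(raw json.RawMessage) (string, bool) {
	body := strings.TrimSpace(string(raw))
	if strings.HasPrefix(body, "[") {
		var ops []struct {
			Op    string          `json:"op"`
			Path  string          `json:"path"`
			Value json.RawMessage `json:"value"`
		}
		if json.Unmarshal(raw, &ops) != nil {
			return "", false
		}
		want := "/metadata/annotations/" + strings.ReplaceAll(BackendDataAnnotation, "/", "~1")
		for _, op := range ops {
			var v string
			if (op.Op == "add" || op.Op == "replace") && op.Path == want && json.Unmarshal(op.Value, &v) == nil {
				return v, true
			}
		}
		return "", false
	}
	var obj struct {
		Metadata struct {
			Annotations map[string]string `json:"annotations"`
		} `json:"metadata"`
	}
	if body == "" || json.Unmarshal(raw, &obj) != nil {
		return "", false
	}
	v, ok := obj.Metadata.Annotations[BackendDataAnnotation]
	return v, ok
}

// ScanAuditLog reads newline-delimited audit events and returns a Finding for
// each patch/update on a Node whose logged body sets backend-data.
func ScanAuditLog(log string) []Finding {
	var findings []Finding
	sc := bufio.NewScanner(strings.NewReader(log))
	sc.Buffer(make([]byte, 1<<20), 1<<20) // audit lines with bodies exceed the 64 KiB default
	for sc.Scan() {
		var ev auditEvent
		if json.Unmarshal(sc.Bytes(), &ev) != nil {
			continue // blank or non-event line
		}
		if ev.ObjectRef.Resource != "nodes" || (ev.Verb != "patch" && ev.Verb != "update") {
			continue
		}
		if value, ok := backendDataFrom(ev.RequestObject); ok {
			findings = append(findings, Finding{Node: ev.ObjectRef.Name, User: ev.User.Username,
				Verb: ev.Verb, Metachars: SuspiciousMetachars(value)})
		}
	}
	return findings
}

// SampleAuditLog is constructed for this example (not real cluster output): a routine
// merge patch by the flannel service account, a JSON patch from an unexpected
// principal carrying shell metacharacters, and an unrelated pod update.
const SampleAuditLog = `
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"RequestResponse","verb":"patch","user":{"username":"system:serviceaccount:kube-flannel:flannel"},"objectRef":{"resource":"nodes","name":"worker-1"},"requestObject":{"metadata":{"annotations":{"flannel.alpha.coreos.com/backend-data":"{\"VtepMAC\":\"aa:bb:cc:dd:ee:ff\"}"}}}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"RequestResponse","verb":"patch","user":{"username":"system:serviceaccount:default:app"},"objectRef":{"resource":"nodes","name":"worker-2"},"requestObject":[{"op":"replace","path":"/metadata/annotations/flannel.alpha.coreos.com~1backend-data","value":"{}; $(echo injected) | cat"}]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","verb":"update","user":{"username":"system:node:worker-1"},"objectRef":{"resource":"pods","name":"web-0"}}
`

func main() {
	for _, f := range ScanAuditLog(SampleAuditLog) {
		severity := "info: backend-data written"
		if len(f.Metachars) > 0 {
			severity = "ALERT: shell metacharacters " + strings.Join(f.Metachars, " ")
		}
		fmt.Printf("%s node=%s user=%s verb=%s\n", severity, f.Node, f.User, f.Verb)
	}
}
```

The clean write by the flannel service account is still reported at informational level so that the correlation step (annotation write followed by process execution on the same node) has something to join against; the metacharacter hit from a non-flannel principal is what should page someone.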
Monitoring Recommendations
- Enumerate all Kubernetes clusters and identify Flannel deployments using the Extension backend by inspecting the net-conf.json ConfigMap for "Type": "extension"
- Alert on any RoleBinding or ClusterRoleBinding granting patch or update verbs on nodes or nodes/status resources to non-administrative principals
- Capture and review process execution telemetry from Flannel DaemonSet pods using a Kubernetes-aware runtime sensor
- Track Flannel version inventory across clusters and prioritize remediation of versions earlier than v0.28.2
How to Mitigate CVE-2026-32241
Immediate Actions Required
- Upgrade Flannel to v0.28.2 or later across all Kubernetes clusters using the Extension backend
- Audit cluster configurations to identify whether the Extension backend is in use and review the configured SubnetAddCommand and SubnetRemoveCommand values
- Review Kubernetes RBAC bindings and remove unnecessary patch/update permissions on Node objects from service accounts and users
- Inspect existing Node annotations for suspicious content in flannel.alpha.coreos.com/backend-data before upgrading
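The following Go program is an added example, not part of this advisory or of Flannel, that combines the net-conf.json check and the version inventory from the Monitoring Recommendations with the review of the configured SubnetAddCommand and SubnetRemoveCommand values asked for above. It takes as input the DaemonSet image reference and the net-conf.json string (the same two values the kubectl commands later on the page retrieve), compares the image tag numerically against v0.28.2, and marks a cluster affected only when both the Extension backend is in use and the version is older than the fix. The hook paths in the sample ConfigMap are placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// FixedVersion is the first Flannel release that addresses CVE-2026-32241.
const FixedVersion = "v0.28.2"

// NetConf is the part of Flannel's net-conf.json this check reads; the two
// command keys are the Extension backend settings named in the advisory.
type NetConf struct {
	Network string `json:"Network"`
	Backend struct {
		Type                string `json:"Type"`
		SubnetAddCommand    string `json:"SubnetAddCommand"`
		SubnetRemoveCommand string `json:"SubnetRemoveCommand"`
	} `json:"Backend"`
}

// Assessment summarises one cluster's exposure.
type Assessment struct {
	UsesExtension bool
	OlderThanFix  bool
	Commands      []string // configured subnet commands, surfaced for review
	Affected      bool     // both conditions hold
}

// parseVersion turns "v0.28.1" or "0.28.1" into numeric parts, dropping a
// pre-release suffix such as "-rc1", so versions are never compared as strings.
func parseVersion(v string) ([3]int, error) {
	var out [3]int
	parts := strings.SplitN(strings.TrimPrefix(strings.TrimSpace(v), "v"), ".", 3)
	if len(parts) != 3 {
		return out, fmt.Errorf("unrecognised version %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(strings.SplitN(p, "-", 2)[0])
		if err != nil {
			return out, fmt.Errorf("unrecognised version %q", v)
		}
		out[i] = n
	}
	return out, nil
}

// OlderThan reports whether version a sorts numerically before version b.
func OlderThan(a, b string) (bool, error) {
	va, err := parseVersion(a)
	if err != nil {
		return false, err
	}
	vb, err := parseVersion(b)
	if err != nil {
		return false, err
	}
	for i := range va {
		if va[i] != vb[i] {
			return va[i] < vb[i], nil
		}
	}
	return false, nil
}

// ImageTag returns the tag of a reference such as docker.io/flannel/flannel:v0.28.1;
// digest-pinned or untagged references (including "registry:5000/repo") yield "".
func ImageTag(image string) string {
	if strings.Contains(image, "@") {
		return ""
	}
	i := strings.LastIndex(image, ":")
	if i < 0 || strings.Contains(image[i:], "/") {
		return ""
	}
	return image[i+1:]
}

// Assess combines the DaemonSet image and the net-conf.json ConfigMap value.
// Backend.Type is matched case-insensitively so the inventory never misses a
// config that spells it "Extension".
func Assess(image, netConfJSON string) (Assessment, error) {
	var a Assessment
	var nc NetConf
	if err := json.Unmarshal([]byte(netConfJSON), &nc); err != nil {
		return a, fmt.Errorf("net-conf.json: %w", err)
	}
	a.UsesExtension = strings.EqualFold(nc.Backend.Type, "extension")
	if a.UsesExtension {
		a.Commands = []string{nc.Backend.SubnetAddCommand, nc.Backend.SubnetRemoveCommand}
	}
	tag := ImageTag(image)
	if tag == "" {
		return a, fmt.Errorf("image %q has no version tag; resolve its digest against the releases", image)
	}
	older, err := OlderThan(tag, FixedVersion)
	if err != nil {
		return a, err
	}
	a.OlderThanFix = older
	a.Affected = a.UsesExtension && a.OlderThanFix
	return a, nil
}

// ExtensionNetConf is a constructed sample using the Extension backend; the hook
// paths are placeholders, not taken from any real deployment.
const ExtensionNetConf = `{
  "Network": "10.244.0.0/16",
  "Backend": {
    "Type": "extension",
    "SubnetAddCommand": "/opt/flannel-hooks/subnet-add.sh",
    "SubnetRemoveCommand": "/opt/flannel-hooks/subnet-remove.sh"
  }
}`

func main() {
	a, err := Assess("docker.io/flannel/flannel:v0.28.1", ExtensionNetConf)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("extension=%v olderThanFix=%v affected=%v commands=%q\n",
		a.UsesExtension, a.OlderThanFix, a.Affected, a.Commands)
}
```

A digest-pinned image deliberately produces an error rather than a silent "not affected", since the tag alone cannot prove the version in that case; the OlderThanFix flag is reported independently of the backend type so that clusters on vxlan or wireguard still show up in the version inventory.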
Patch Information
The Flannel maintainers released v0.28.2 to address this vulnerability. Cluster operators should pull the patched image and roll the Flannel DaemonSet. Release notes and the official advisory are available at the Flannel v0.28.2 release page and the GHSA-vchx-5pr6-ffx2 advisory.
Workarounds
- Switch Flannel to an unaffected backend such as vxlan or wireguard by updating the net-conf.json ConfigMap and restarting the Flannel DaemonSet
- Restrict Kubernetes RBAC so that only trusted cluster administrators hold patch rights on Node objects
- Deploy a validating admission policy that rejects writes to flannel.alpha.coreos.com/backend-data containing shell metacharacters until the patch is applied
# Verify Flannel version and backend configuration
kubectl -n kube-flannel get daemonset kube-flannel-ds \
-o jsonpath='{.spec.template.spec.containers[0].image}'
kubectl -n kube-flannel get configmap kube-flannel-cfg \
-o jsonpath='{.data.net-conf\.json}'
# Upgrade Flannel DaemonSet to v0.28.2
kubectl set image daemonset/kube-flannel-ds \
-n kube-flannel kube-flannel=docker.io/flannel/flannel:v0.28.2
# Audit Node annotations for suspicious backend-data values
kubectl get nodes -o json | \
jq '.items[] | {name: .metadata.name, backend: .metadata.annotations["flannel.alpha.coreos.com/backend-data"]}'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.