CVE-2026-32241HIGH 8.8EPSS p84.0%

CVE-2026-32241CVE-2026-32241

Description

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execution on every flannel node in the cluster. The Extension backend's SubnetAddCommand and SubnetRemoveCommand receive attacker-controlled data via stdin (from the `flannel.alpha.coreos.com/backend-data` Node annotation). The content of this annotation is unmarshalled and piped directly to a shell command without checks. Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected. The vulnerability is fixed in version v0.28.2. As a workaround, use Flannel with another backend such as vxlan or wireguard.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS2.71% probability of exploitation · percentile 84.0% · 2026-06-18T12:00:27Z
Published2026-03-27
Last modified2026-04-08

Underlying weaknesses· 1

CWE-77

References

  1. https://github.com/flannel-io/flannel/releases/tag/v0.28.2
  2. https://github.com/flannel-io/flannel/security/advisories/GHSA-vchx-5pr6-ffx2

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in a Command ('Command Injection')cwe-770%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-69902
CVE
CVE-2026-3288
CVE
CVE-2026-26191
CVE
CVE-2026-32604
CVE
CVE-2026-41184
CVE
CVE-2026-24516
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.