Flannel has cross-node remote code execution via extension backend BackendData injection
Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected.
Advisories for Golang/Github.com/Flannel-Io/Flannel package
2026