CVE-2026-32241: Flannel has cross-node remote code execution via extension backend BackendData injection
Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected.
References
- github.com/advisories/GHSA-vchx-5pr6-ffx2
- github.com/flannel-io/flannel
- github.com/flannel-io/flannel/commit/08bc9a4c990ae785d2fcb448f4991b58485cd26a
- github.com/flannel-io/flannel/releases/tag/v0.28.2
- github.com/flannel-io/flannel/security/advisories/GHSA-vchx-5pr6-ffx2
- nvd.nist.gov/vuln/detail/CVE-2026-32241