CVE-2026-30963— Capsule Namespace Hijacking via subresource
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| projectcapsule | capsule | < 0.13.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-30963
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Capsule Namespace Hijacking via subresource
Source: NVD (National Vulnerability Database)
Vulnerability Description
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a namespace, including the metadata field. Prior to version 0.13.0, the webhook does not define interception rules for these subresources. As a result, if a tenant administrator has permission to modify namespace/status or namespace/finalize, they can successfully perform namespace hijacking. Version 0.13.0 fixes the issue. Another mitigation is to add two subresources (namespaces and snamespaces/status with namespace/finalize within it) to the resources list in the ValidatingWebhookConfiguration rules.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| projectcapsule | capsule | < 0.13.0 | - |
II. Public POCs for CVE-2026-30963
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-30963
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-30963 (1)
Vendor Pages for CVE-2026-30963 (1)
- 🔗 Release v0.13.0 · projectcapsule/capsule · GitHubx_refsource_MISC
IV. Related Vulnerabilities
Same product: capsule
Same vendor: projectcapsule
- CVE-2026-22872
Capsule TenantResource RawItems Cluster-Scoped Resource Crea - CVE-2025-55205
Capsule tenant owners with "patch namespace" permission can - CVE-2024-39690
Capsule tenant owner with "patch namespace" permission can h - CVE-2023-48312
Authentication bypass using an empty token in capsule-proxy - CVE-2023-46254
Service accounts can see namespaces of other tenants in caps
Same weakness: CWE-20
- CVE-2026-45685
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on - CVE-2026-45678
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing ca - CVE-2026-45676
OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing a - CVE-2026-7195
CWE-20: Improper Input Validation in web services in Progres - CVE-2026-3620
Word Replacer <= 0.4 - Authenticated (Administrator+) Stored
V. Comments for CVE-2026-30963
No comments yet