{"id":"CVE-2026-32720","summary":"Improper Access Control in github.com/ctfer-io/monitoring","details":"The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.","aliases":["GHSA-7x23-j8gv-v54x","GO-2026-4701"],"modified":"2026-04-01T23:08:15.305091Z","published":"2026-03-13T21:27:52.824Z","related":["SUSE-SU-2026:1135-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32720.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-284"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32720.json"},{"type":"ADVISORY","url":"https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32720"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ctfer-io/monitoring","events":[{"introduced":"0"},{"fixed":"5404a11863b32b14ee5c62d1215352ab519d4edb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.2.1"}]}}],"versions":["v0.1.0","v0.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32720.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"}]}