


Perceptive Security
SOC/SIEM Consultancy

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to e…
Published:
27 May 2026 at 22:00:00
Alert date:
28 May 2026 at 18:03:14
Source:
nvd.nist.gov
Cloud & Virtualization
A vulnerability in Rancher Local Path Provisioner prior to version 0.0.36 allows malicious users with ConfigMap edit permissions to manipulate helperPod.yaml templates. The vulnerability enables injection of security-sensitive fields like privileged security contexts and hostPath volumes. When PVC operations trigger HelperPod creation, attackers can achieve privileged pod execution with host filesystem access. This can lead to sensitive file access, ServiceAccount token theft, cross-tenant data access, and host file modification. The vulnerability is fixed in version 0.0.36.
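One way to review a cluster for the condition described above, as an added example (not code from the advisory or from the Local Path Provisioner project): a text scan of the `helperPod.yaml` key in a ConfigMap exported as JSON, flagging the two fields the description names. The function names, the sample templates and the ConfigMap shape are constructed for illustration.

```python
import json
import re

# Text scan for the two fields the advisory names; not a YAML parser.
# Trailing comments are kept, so the scan errs toward flagging for review.
PRIVILEGED = re.compile(r"""\bprivileged["']?\s*:\s*["']?([A-Za-z]*)""")
HOST_PATH = re.compile(r"""\bhostPath["']?\s*:""")


def audit_helper_pod_template(configmap_json):
    """Return (line_number, finding) pairs for the helperPod.yaml key."""
    data = json.loads(configmap_json).get("data") or {}
    findings = []
    for number, line in enumerate(data.get("helperPod.yaml", "").splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        match = PRIVILEGED.search(line)
        # Anything other than an explicit "false" is reported.
        if match and match.group(1).lower() != "false":
            findings.append((number, "privileged securityContext"))
        if HOST_PATH.search(line):
            findings.append((number, "hostPath volume"))
    return findings


# Constructed samples (assumed shapes, not taken from the advisory).
BASELINE_TEMPLATE = """\
kind: Pod
spec:
  containers:
  - name: helper-pod
    image: busybox
"""
TAMPERED_TEMPLATE = BASELINE_TEMPLATE + """\
    securityContext:
      privileged: true
  volumes:
  - name: host-root
    hostPath:
      path: /var/example
"""


def as_configmap(template):
    return json.dumps({"kind": "ConfigMap", "data": {"helperPod.yaml": template}})


if __name__ == "__main__":
    print(audit_helper_pod_template(as_configmap(TAMPERED_TEMPLATE)))
```

A finding means the template needs manual review against the deployment's intended baseline; an empty result does not replace upgrading to 0.0.36.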
Technical details
Mitigation steps:
Affected products:
Rancher Local Path Provisioner
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44543
https://github.com/rancher/local-path-provisioner/security/advisories/GHSA-7fxv-8wr2-mfc4
This article was created with the assistance of AI technology by Perceptive.
