CTFer.io Monitoring component allows malicious file overwrites

CVE-2026-32771
Summary

Versions of the CTFer.io Monitoring component prior to 0.2.2 can be tricked into overwriting important system files, potentially allowing attackers to gain control of the system. This is especially concerning because it can be done by any pod in the cluster, making it a significant security risk. Update to version 0.2.2 or later to fix this issue.

Original description
The CTFer.io Monitoring component is in charge of the collection, processing and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path Traversal due to a missing trailing path separator in the strings.HasPrefix check. The extractor allows arbitrary file writes (e.g., overwriting shell configs, SSH keys, kubeconfig, or crontabs), enabling RCE and persistent backdoors. The attack surface is further amplified by the default ReadWriteMany PVC access mode, which lets any pod in the cluster inject a malicious payload. This issue has been fixed in version 0.2.2.
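The flawed prefix check described above, next to a boundary-aware check, as an added example that is not the project's code or its actual fix. The function names weakSanitize and safeSanitize, the destination directory and the entry names are all assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// weakSanitize (hypothetical name) shows the flawed pattern: the prefix has
// no trailing separator, so "/data/extract-evil" matches "/data/extract".
func weakSanitize(dest, entry string) (string, error) {
	target := filepath.Join(dest, entry)
	if !strings.HasPrefix(target, filepath.Clean(dest)) {
		return "", fmt.Errorf("illegal path: %q", entry)
	}
	return target, nil
}

// safeSanitize (hypothetical name) compares on a directory boundary by
// asking for the path of target relative to dest and rejecting any result
// that climbs out of it.
func safeSanitize(dest, entry string) (string, error) {
	base := filepath.Clean(dest)
	target := filepath.Join(base, entry)
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("illegal path: %q", entry)
	}
	return target, nil
}

func main() {
	dest := "/data/extract" // constructed destination directory
	entries := []string{    // constructed archive entry names
		"logs/app.log",
		"../../outside/file",
		"../extract-evil/payload",
	}
	for _, e := range entries {
		_, weakErr := weakSanitize(dest, e)
		_, safeErr := safeSanitize(dest, e)
		fmt.Printf("%-26s weak accepts=%-5v safe accepts=%v\n", e, weakErr == nil, safeErr == nil)
	}
}
```

Both checks are purely lexical: neither resolves symlinks that already exist under the destination directory, so an extractor needs to handle those separately.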
NVD CVSS 4.0 score: 8.8
Vulnerability type
CWE-22 Path Traversal
Published: 20 Mar 2026 · Updated: 20 Mar 2026 · First seen: 20 Mar 2026