CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22872

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant administrators can leverage the Controller's elevated privileges to create cluster-scoped resources (such as ClusterRole and ValidatingWebhookConfiguration) that they cannot create directly, achieving cross-tenant privilege escalation and cluster-level attacks. The attack vector has a few limiting factors. This attack requires Tenant Owner privileges and requires Capsule Controller running with cluster-admin privileges (default configuration). Additionally, some clusters may have additional admission controllers blocking malicious resources. Version 0.13.0 patches this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.9%

CVSS Severity

CVSS v3 Score 9.1

References

Products affected by CVE-2026-22872

Projectcapsule » Capsule » Version: N/A

cpe:2.3:a:projectcapsule:capsule:-
Projectcapsule » Capsule » Version: 0.0.1

cpe:2.3:a:projectcapsule:capsule:0.0.1
Projectcapsule » Capsule » Version: 0.0.2

cpe:2.3:a:projectcapsule:capsule:0.0.2
Projectcapsule » Capsule » Version: 0.0.3

cpe:2.3:a:projectcapsule:capsule:0.0.3
Projectcapsule » Capsule » Version: 0.0.4

cpe:2.3:a:projectcapsule:capsule:0.0.4
Projectcapsule » Capsule » Version: 0.0.5

cpe:2.3:a:projectcapsule:capsule:0.0.5
Projectcapsule » Capsule » Version: 0.1.0

cpe:2.3:a:projectcapsule:capsule:0.1.0
Projectcapsule » Capsule » Version: 0.1.1

cpe:2.3:a:projectcapsule:capsule:0.1.1
Projectcapsule » Capsule » Version: 0.1.2

cpe:2.3:a:projectcapsule:capsule:0.1.2
Projectcapsule » Capsule » Version: 0.1.3

cpe:2.3:a:projectcapsule:capsule:0.1.3
Projectcapsule » Capsule » Version: 0.10.0

cpe:2.3:a:projectcapsule:capsule:0.10.0
Projectcapsule » Capsule » Version: 0.10.1

cpe:2.3:a:projectcapsule:capsule:0.10.1
Projectcapsule » Capsule » Version: 0.10.2

cpe:2.3:a:projectcapsule:capsule:0.10.2
Projectcapsule » Capsule » Version: 0.10.3

cpe:2.3:a:projectcapsule:capsule:0.10.3
Projectcapsule » Capsule » Version: 0.10.4

cpe:2.3:a:projectcapsule:capsule:0.10.4
Projectcapsule » Capsule » Version: 0.10.5

cpe:2.3:a:projectcapsule:capsule:0.10.5
Projectcapsule » Capsule » Version: 0.10.6

cpe:2.3:a:projectcapsule:capsule:0.10.6
Projectcapsule » Capsule » Version: 0.10.7

cpe:2.3:a:projectcapsule:capsule:0.10.7
Projectcapsule » Capsule » Version: 0.10.8

cpe:2.3:a:projectcapsule:capsule:0.10.8
Projectcapsule » Capsule » Version: 0.10.9

cpe:2.3:a:projectcapsule:capsule:0.10.9
Projectcapsule » Capsule » Version: 0.11.0

cpe:2.3:a:projectcapsule:capsule:0.11.0
Projectcapsule » Capsule » Version: 0.11.1

cpe:2.3:a:projectcapsule:capsule:0.11.1
Projectcapsule » Capsule » Version: 0.11.2

cpe:2.3:a:projectcapsule:capsule:0.11.2
Projectcapsule » Capsule » Version: 0.12.0

cpe:2.3:a:projectcapsule:capsule:0.12.0
Projectcapsule » Capsule » Version: 0.12.1

cpe:2.3:a:projectcapsule:capsule:0.12.1
Projectcapsule » Capsule » Version: 0.12.2

cpe:2.3:a:projectcapsule:capsule:0.12.2
Projectcapsule » Capsule » Version: 0.12.3

cpe:2.3:a:projectcapsule:capsule:0.12.3
Projectcapsule » Capsule » Version: 0.12.4

cpe:2.3:a:projectcapsule:capsule:0.12.4
Projectcapsule » Capsule » Version: 0.2.0

cpe:2.3:a:projectcapsule:capsule:0.2.0
Projectcapsule » Capsule » Version: 0.2.1

cpe:2.3:a:projectcapsule:capsule:0.2.1
Projectcapsule » Capsule » Version: 0.2.2

cpe:2.3:a:projectcapsule:capsule:0.2.2
Projectcapsule » Capsule » Version: 0.3.0

cpe:2.3:a:projectcapsule:capsule:0.3.0
Projectcapsule » Capsule » Version: 0.3.1

cpe:2.3:a:projectcapsule:capsule:0.3.1
Projectcapsule » Capsule » Version: 0.3.2

cpe:2.3:a:projectcapsule:capsule:0.3.2
Projectcapsule » Capsule » Version: 0.3.3

cpe:2.3:a:projectcapsule:capsule:0.3.3
Projectcapsule » Capsule » Version: 0.4.0

cpe:2.3:a:projectcapsule:capsule:0.4.0
Projectcapsule » Capsule » Version: 0.4.1

cpe:2.3:a:projectcapsule:capsule:0.4.1
Projectcapsule » Capsule » Version: 0.4.2

cpe:2.3:a:projectcapsule:capsule:0.4.2
Projectcapsule » Capsule » Version: 0.5.0

cpe:2.3:a:projectcapsule:capsule:0.5.0
Projectcapsule » Capsule » Version: 0.6.0

cpe:2.3:a:projectcapsule:capsule:0.6.0
Projectcapsule » Capsule » Version: 0.6.1

cpe:2.3:a:projectcapsule:capsule:0.6.1
Projectcapsule » Capsule » Version: 0.6.2

cpe:2.3:a:projectcapsule:capsule:0.6.2
Projectcapsule » Capsule » Version: 0.7.0

cpe:2.3:a:projectcapsule:capsule:0.7.0
Projectcapsule » Capsule » Version: 0.7.1

cpe:2.3:a:projectcapsule:capsule:0.7.1
Projectcapsule » Capsule » Version: 0.7.2

cpe:2.3:a:projectcapsule:capsule:0.7.2
Projectcapsule » Capsule » Version: 0.7.3

cpe:2.3:a:projectcapsule:capsule:0.7.3
Projectcapsule » Capsule » Version: 0.7.4

cpe:2.3:a:projectcapsule:capsule:0.7.4
Projectcapsule » Capsule » Version: 0.8.0

cpe:2.3:a:projectcapsule:capsule:0.8.0
Projectcapsule » Capsule » Version: 0.8.1

cpe:2.3:a:projectcapsule:capsule:0.8.1
Projectcapsule » Capsule » Version: 0.9.0

cpe:2.3:a:projectcapsule:capsule:0.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22872

Products

Pricing

Contact Us