New technical writeups highlighted how seemingly read-only Kubernetes permissions can be escalated into remote code execution (RCE) by abusing access paths to the kubelet API. Horizon3.ai detailed a technique where a service account granted nodes/proxy GET (often treated as “read-only” for monitoring/log access) can, if it also has network reachability to the kubelet, be leveraged to execute commands in pods on reachable nodes—an outcome the Kubernetes project has largely treated as “working as intended” rather than a traditional vulnerability. The post emphasizes that this can translate into broad cluster compromise in many real environments and points to mitigations such as tightening RBAC and adopting controls aligned with KEP-2862 and vendor RBAC hardening guidance.
Separately, a bug-bounty case study described an end-to-end cloud-native kill chain culminating in Kubernetes takeover: an initial SSRF in a microservice was used to access EC2 instance metadata and steal cloud credentials, which then enabled kubelet API abuse to deploy a rogue privileged pod. From that foothold, the attacker obtained a more powerful Kubernetes service account token and escalated to cluster-admin, resulting in full cluster control and a reported $100,000 responsible disclosure payout. While the initial access vectors differ, both accounts reinforce that kubelet exposure plus permissive RBAC/service-account design can turn “limited” access into cluster-wide impact, making kubelet reachability and nodes/proxy/kubelet-related permissions high-priority review items for Kubernetes security programs.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
Kubernetes announced that v1.36 graduates fine-grained kubelet API authorization to general availability, with KubeletFineGrainedAuthz locked enabled. The change introduces dedicated kubelet subresources such as nodes/metrics, nodes/stats, nodes/log, and nodes/pods to reduce reliance on the overly broad nodes/proxy permission that had enabled kubelet /exec abuse.
Datadog Security Labs published analysis of CVE-2020-8562, describing how a time-of-check/time-of-use flaw in Kubernetes API server proxying can be combined with DNS rebinding to reach restricted destinations such as localhost or cloud metadata endpoints. The article included a proof of concept using a fake Node object and recommended mitigations such as minimum DNS TTL enforcement and Konnectivity.
Horizon3.ai published research showing that a service account with nodes/proxy and verb GET can be abused to reach the kubelet WebSocket /exec endpoint and achieve code execution in arbitrary pods on a node. The post also highlighted that this access pattern is common in default Helm chart deployments and can be stealthier than pods/exec because it may not appear directly in Kubernetes audit logs.
According to Horizon3.ai, the Kubernetes Security Team reviewed the nodes/proxy GET to kubelet exec authorization gap, classified it as 'Won’t Fix (Working as Intended),' and did not assign a CVE. The team reportedly pointed to KEP-2862 as the longer-term approach for reducing reliance on nodes/proxy permissions.
From the privileged pod, the attacker obtained a high-privilege Kubernetes ServiceAccount token that granted cluster-admin permissions, resulting in full cluster compromise. The author says the issue was responsibly disclosed and led to a $100,000 bug bounty payout.
Using node-level credentials, the attacker accessed the Kubelet API and deployed a rogue privileged pod into the Kubernetes cluster. This provided a foothold on the cluster that enabled further privilege escalation.
A cloud-native attack chain began with a server-side request forgery flaw in a microservice, which was used to access EC2 instance metadata and obtain cloud credentials from the underlying node environment. This initial access enabled movement from an application bug into the cloud and Kubernetes control plane context.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
kubernetes.io
Open sourcesecuritylabs.datadoghq.com
Open sourcehorizon3.ai
Open sourceinfosecwriteups.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.