This issue has been assessed as high severity. Review affected configurations immediately.
Azure Kubernetes Service patched CVE-2026-32193 in the June 2026 Patch Tuesday cycle — a path traversal vulnerability allowing a low-privileged attacker running inside a hostNetwork-configured pod to escape the container boundary and gain control of the underlying AKS worker node. No user interaction is required. CVSS 8.8.
The vulnerability requires the attacker to already have pod execution capability, which places it in the post-exploitation or insider-threat scenario: an attacker who has compromised a workload running with hostNetwork: true, or a malicious image that runs in that configuration, can break out to the underlying node and use its node IAM role credentials or kubeconfig to move laterally within the cluster or into the AWS/Azure account.
How hostNetwork Elevates Risk
hostNetwork: true in a pod spec removes the network namespace boundary — the pod shares the host’s network stack directly. It can see traffic on the host’s network interfaces, bind to host ports, and interact with services listening on localhost. Legitimate use cases exist (node-level monitoring agents like Datadog, node CNI components, system-level network tooling), but it is frequently found in workloads that don’t actually require it.
CVE-2026-32193 affects the AKS node component that handles path resolution for certain operations in hostNetwork pods. The vulnerability allows a path traversal that, when chained with a writable target in the node’s filesystem, achieves arbitrary command execution in the context of the node agent process. From there, an attacker gains access to the node’s kubelet credentials, any secrets mounted on running pods across the node, and the node’s IAM metadata service endpoint.
Immediate Remediation
1. Update your AKS node pools to the patched version.
Check your current node image version:
az aks nodepool list \
--resource-group <your-rg> \
--cluster-name <your-cluster> \
--query "[].{Name:name,NodeImageVersion:nodeImageVersion}" \
--output table
Upgrade node pools to the June 2026 patched image:
az aks nodepool upgrade \
--resource-group <your-rg> \
--cluster-name <your-cluster> \
--name <nodepool-name> \
--node-image-only
Verify the update completed:
az aks nodepool show \
--resource-group <your-rg> \
--cluster-name <your-cluster> \
--name <nodepool-name> \
--query "nodeImageVersion"
Audit and Restrict hostNetwork Usage
While patching, audit every workload currently using hostNetwork: true and evaluate whether it’s genuinely required. The vast majority of application pods do not need it.
kubectl get pods --all-namespaces -o json \
| jq -r '.items[] | select(.spec.hostNetwork == true) |
[.metadata.namespace, .metadata.name, .spec.nodeName] | @tsv'
For any workload you cannot immediately remove hostNetwork from, ensure it’s running a trusted, scanned image and that the pod has no unnecessary elevated privileges.
Enforce Restrictions with Pod Security Standards
Kubernetes Pod Security Standards (PSS) provide three profiles: Privileged, Baseline, and Restricted. The Baseline profile prohibits hostNetwork: true.
Enforce Baseline across namespaces that don’t explicitly require host-level access:
kubectl label namespace <your-namespace> \
pod-security.kubernetes.io/enforce=baseline \
pod-security.kubernetes.io/enforce-version=latest
For namespaces running privileged workloads (CNI, monitoring agents), use audit mode to surface violations without blocking:
kubectl label namespace kube-system \
pod-security.kubernetes.io/audit=baseline \
pod-security.kubernetes.io/audit-version=latest
Kubernetes Admission Control with Kyverno or OPA/Gatekeeper
For stricter control, enforce a policy that requires explicit business justification for hostNetwork: true:
Kyverno ClusterPolicy to deny hostNetwork outside approved namespaces:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-host-network-unauthorized
spec:
validationFailureAction: Enforce
rules:
- name: deny-host-network
match:
resources:
kinds:
- Pod
exclude:
resources:
namespaces:
- kube-system
- monitoring
validate:
message: "hostNetwork is not permitted outside approved system namespaces."
pattern:
spec:
=(hostNetwork): "false"
Detect Exploitation Attempts with AKS Audit Logs
Enable Microsoft Defender for Containers (or open-source Falco) to detect anomalous activity consistent with CVE-2026-32193 exploitation patterns:
- Unexpected process execution by the kubelet or node-level service accounts
- File access to paths outside normal container boundaries by the node agent process
- New privileged container creation from within an existing pod
- API server calls using node credentials for non-node operations
For Falco, the following rule detects write operations to sensitive paths from a container running in hostNetwork mode:
- rule: Write to Sensitive Host Path from hostNetwork Container
desc: Detects file writes to sensitive host paths from a container with host network access
condition: >
open_write and container and
container.privileged = false and
fd.name startswith /proc and
container.name != host
output: >
Suspicious write to host proc from container
(user=%user.name container=%container.name
image=%container.image.repository fd=%fd.name)
priority: WARNING
tags: [container, filesystem, mitre_privilege_escalation]
Broader Hardening Context
CVE-2026-32193 is a reminder that hostNetwork is a trust boundary weakener, not just a permission. Any vulnerability in any component that runs with host network access becomes a potential node escape. Apply defence-in-depth:
- Avoid
hostNetwork: truein application workloads entirely - Use Workload Identity or Azure Managed Identity rather than mounting node-level credentials into pods
- Regularly run
kube-benchagainst your AKS node pool to verify CIS Kubernetes Benchmark compliance - Treat node-level credential access as equivalent to control-plane access in your threat model