Breaking the Bulkhead: Demystifying Cross-Namespace Reference Vulnerabilities in Kubernetes Operators
Andong Chen
Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Cloud Security
**Kubernetes operators** automate lifecycle management of complex applications, accepting user input through namespace-scoped custom resources and performing privileged operations on the cluster. This talk reveals a new class of vulnerabilities -- **cross-namespace reference vulnerabilities** -- where operators accept input from one namespace but perform operations affecting other namespaces, breaking Kubernetes' intended namespace isolation. A large-scale analysis of over **2,000 real-world operators** found that **over 14% are potentially vulnerable**, enabling credential leakage, configuration theft, and **cluster-level privilege escalation**. Confirmations and CVEs were received from **Google**, **Red Hat**, **NVIDIA**, and **Grafana** -- including the original inventors of both Kubernetes (Google) and the operator pattern (Red Hat). The vulnerability stems from an insecure trade-off between convenience and security: operators implement cross-namespace resource sharing to help users, but this also helps attackers.
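The pattern the abstract describes, as an added example that is not code from the talk or from any of the named vendors' operators: a namespace-scoped custom resource carries a `secretRef` with an optional namespace field, and the operator resolves it using its own cluster-wide permissions. The type names, the `tenant-a`/`tenant-b` namespaces and the in-memory map standing in for the API server are all constructed for this illustration (no client-go calls are made). `resolveSecretUnchecked` is the convenience-first form that honours whatever namespace the CR author wrote; `resolveSecretSameNamespace` is the hardened form that refuses any reference outside the CR's own namespace, so the author's own RBAC rights bound what the operator will read on their behalf.

```go
package main

import (
	"errors"
	"fmt"
)

// SecretRef is a constructed, simplified stand-in for the "name + optional
// namespace" reference field many operators accept in their CR specs.
type SecretRef struct {
	Name      string
	Namespace string // empty means "same namespace as the custom resource"
}

// fakeCluster is a constructed in-memory stand-in for the API server,
// keyed "namespace/name". Both tenants own one Secret each.
var fakeCluster = map[string]map[string]string{
	"tenant-a/db-creds": {"password": "tenant-a-password"},
	"tenant-b/db-creds": {"password": "tenant-b-password"},
}

func key(namespace, name string) string { return namespace + "/" + name }

// resolveSecretUnchecked is the convenience-first pattern: the operator reads
// the Secret from whichever namespace the CR author named, using the
// operator's own (cluster-wide) permissions rather than the author's.
func resolveSecretUnchecked(crNamespace string, ref SecretRef) (map[string]string, error) {
	ns := ref.Namespace
	if ns == "" {
		ns = crNamespace
	}
	data, ok := fakeCluster[key(ns, ref.Name)]
	if !ok {
		return nil, fmt.Errorf("secret %s not found", key(ns, ref.Name))
	}
	return data, nil
}

// ErrCrossNamespace is returned when a CR points outside its own namespace.
var ErrCrossNamespace = errors.New("cross-namespace reference rejected")

// resolveSecretSameNamespace is the hardened form: a namespace-scoped CR may
// only reference Secrets in the namespace it lives in. An explicit namespace
// equal to the CR's own is still accepted, so existing same-namespace CRs
// keep working.
func resolveSecretSameNamespace(crNamespace string, ref SecretRef) (map[string]string, error) {
	if ref.Namespace != "" && ref.Namespace != crNamespace {
		return nil, fmt.Errorf("%w: CR in %q references %s",
			ErrCrossNamespace, crNamespace, key(ref.Namespace, ref.Name))
	}
	return resolveSecretUnchecked(crNamespace, SecretRef{Name: ref.Name})
}

func main() {
	// Constructed scenario: a user who can only create CRs in tenant-a
	// submits one whose secretRef names tenant-b's Secret.
	ref := SecretRef{Name: "db-creds", Namespace: "tenant-b"}

	if data, err := resolveSecretUnchecked("tenant-a", ref); err == nil {
		fmt.Println("unchecked resolver leaked:", data["password"])
	}
	if _, err := resolveSecretSameNamespace("tenant-a", ref); err != nil {
		fmt.Println("hardened resolver:", err)
	}
}
```

The same check belongs in a validating admission webhook or CRD validation rule as well as in the reconciler, so that the rejected CR never reaches the operator's reconcile loop at all; the reconciler-side check shown here is the last line of defence if the admission path is bypassed or misconfigured.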
AI review
A new class of Kubernetes vulnerabilities where operators break namespace isolation by accepting cross-namespace resource references. 14% of operators affected, with CVEs from Google, Red Hat, NVIDIA. Directly useful for anyone attacking or defending multi-tenant Kubernetes clusters.