CVE-2026-32737
Received Received - Intake
NetworkPolicy Misconfiguration in Romeo Allows Lateral Movement

Publication date: 2026-03-18

Last updated on: 2026-03-25

Assigner: GitHub, Inc.

Description
Romeo gives the capability to reach high code coverage of Go β‰₯1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Removing the `inter-ns` NetworkPolicy patches the vulnerability in version 0.2.1. If updates are not possible in production environments, manually delete `inter-ns` and update as soon as possible. Given one's context, delete the failing network policy that should be prefixed by `inter-ns-` in the target namespace.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32737
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ctfer-io romeo to 0.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Romeo, a tool that helps measure code coverage for Go applications within GitHub Actions. Prior to version 0.2.1, a mis-written NetworkPolicy allowed a malicious actor to pivot from the "hardened" namespace to any Pod outside of it. This breaks the expected security-by-default property of the deployment, enabling potential lateral movement within the environment.

The issue is fixed in version 0.2.1 by removing the problematic `inter-ns` NetworkPolicy. If updating is not possible, the workaround is to manually delete the `inter-ns` NetworkPolicy to mitigate the vulnerability.

Impact Analysis

This vulnerability can allow a malicious actor to move laterally from a secured namespace to other Pods outside that namespace. This lateral movement can lead to unauthorized access to resources and potentially compromise other parts of the system that were expected to be isolated and secure.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking for the presence of the mis-written NetworkPolicy named with the prefix 'inter-ns-' in the target namespace. Identifying such a NetworkPolicy indicates the system is vulnerable to lateral movement.

A suggested command to detect this on a Kubernetes cluster is to list NetworkPolicies and filter those with the 'inter-ns-' prefix, for example:

  • kubectl get networkpolicy -A | grep inter-ns-

If any NetworkPolicy with this prefix is found, it indicates the vulnerability is present.

Mitigation Strategies

The immediate mitigation step is to remove the vulnerable NetworkPolicy named with the prefix 'inter-ns-' in the target namespace.

If updating to version 0.2.1 or later is not possible in production environments, manually delete the 'inter-ns' NetworkPolicy to patch the vulnerability.

  • kubectl delete networkpolicy inter-ns-<name> -n <target-namespace>

After deletion, update Romeo to version 0.2.1 or later as soon as possible to ensure the vulnerability is fully patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32737. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart