CVE-2026-32193 – Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability

CVE-2026-32193 is a Critical remote code execution vulnerability affecting Azure Kubernetes Service (AKS). The flaw stems from improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. An attacker with low privileges who can run an untrusted container configured with hostNetwork could exploit the issue to access host-level services, escape the container boundary, and gain control of the underlying AKS worker node. Because the vulnerability results in a scope change, a compromise can extend beyond the original container security boundary and impact the host environment.

CVSS Score: 8.8
SEVERITY: Critical
THREAT:
This vulnerability presents a significant threat to cloud-native environments because it can enable an attacker to move from a compromised container into the underlying Kubernetes infrastructure. Once the worker node is compromised, attackers may gain access to workloads, credentials, sensitive data, and other cluster resources.

EXPLOITS:
Publicly Disclosed: No.
Exploited: No.
Exploitability Assessment: Exploitation Unlikely.
No public exploits, proof-of-concept code, or active exploitation are confirmed in the provided data.

TECHNICAL SUMMARY:
CVE-2026-32193 is caused by a path traversal vulnerability (CWE-22) within Azure Kubernetes Service. The flaw allows specially crafted requests originating from an untrusted container to interact with host-level services that were not intended for unauthenticated access. Successful exploitation may enable a container escape scenario where the attacker gains execution on the AKS worker node. The CVSS v3.1 metrics indicate low attack complexity, low privileges required, no user interaction, and a scope change, reflecting the ability to impact resources beyond the original security boundary.

EXPLOITABILITY:
Affected Product:
Azure Kubernetes Service (AKS)
An attacker requires the ability to run an untrusted container configured with hostNetwork. By sending crafted requests to vulnerable host-level services, the attacker may escape the container environment and execute code on the worker node.

BUSINESS IMPACT:
Container isolation is a foundational security control in Kubernetes environments. A successful container escape can undermine that isolation and provide attackers with access to workloads, secrets, application data, and cluster management functions. Organizations relying on AKS for production workloads could face service disruption, data exposure, unauthorized access, and broader cloud infrastructure compromise.

WORKAROUND:
No mitigations or workarounds are listed.
Where patching cannot be completed immediately, organizations should review the use of untrusted containers, restrict hostNetwork configurations where possible, and closely monitor AKS nodes for suspicious container-to-host activity.

URGENCY:
This vulnerability warrants immediate attention because it enables remote code execution that can cross security boundaries between containers and the host operating system. The combination of Critical severity, a CVSS v3.1 score of 8.8, low attack complexity, and the potential for worker node compromise makes rapid remediation important for protecting Kubernetes environments.