Flannel patches Extension backend command injection enabling cluster-wide root RCE
TL;DR — Flannel’s experimental Extension backend can be abused for command injection via the flannel.alpha.coreos.com/backend-data Node annotation, enabling cluster-wide root code execution on Flannel nodes.
What happened
Flannel is a Kubernetes CNI/networking solution used to provide pod-to-pod connectivity across nodes.
A GitHub-reviewed advisory (CVE-2026-32241) reports a command injection in Flannel’s experimental Extension backend, which “uses shell commands stored in Kubernetes annotations to configure network connectivity on the node.” The advisory states that an attacker who can set Kubernetes Node annotations can achieve root-level arbitrary command execution on every Flannel node in the cluster.
Per the advisory, the Extension backend’s SubnetAddCommand and SubnetRemoveCommand accept attacker-controlled data via stdin from the flannel.alpha.coreos.com/backend-data Node annotation; the annotation content is unmarshalled and “piped directly to a shell command without checks.”
Severity is High (CVSS v3.1 base score 7.5). This is a classic “Kubernetes control-plane writes → node agent executes” trust-boundary failure: any pathway that lets untrusted principals influence Node metadata becomes a direct code-execution primitive when node-level components consume it unsafely.
Who is impacted
- Kubernetes clusters running github.com/flannel-io/flannel that use the experimental Extension backend.
- The advisory explicitly notes: “Other backends such as vxlan and wireguard are unaffected.”
| Component | Affected versions (per advisory) | Patched versions (per advisory) |
|---|---|---|
| github.com/flannel-io/flannel | <= 0.28.1 | 0.28.2 |
What to do now
- Follow vendor remediation guidance and apply the latest patched release available at the time of writing.
"This is fixed in version v0.28.2."
- Determine whether any clusters are using Flannel’s experimental Extension backend (this vulnerability does not apply to vxlan/wireguard per the advisory).
- If consumers cannot update to a patched version, follow the advisory’s workaround guidance:
"If consumers cannot update to a patched version, then use Flannel with another backend such as vxlan or wireguard."
- Treat the ability to set/modify Kubernetes Node annotations as high-risk: audit which identities (humans, controllers, CI/CD, admission controllers) can mutate Node metadata, and monitor for unexpected writes to flannel.alpha.coreos.com/backend-data.
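As an added defensive example (not code from the advisory or from the Flannel project), the following Python helpers cover the two checks above: detecting whether a Flannel net-conf.json selects the Extension backend, and flagging Kubernetes audit events in which a principal other than the expected writers sets the backend-data annotation on a Node. The ConfigMap layout, the audit-event shape (Node writes logged at RequestResponse level) and the flannel service-account name are assumptions, and all sample inputs are constructed.

```python
import json

BACKEND_DATA = "flannel.alpha.coreos.com/backend-data"

def uses_extension_backend(net_conf_json: str) -> bool:
    """True if a Flannel net-conf.json selects the vulnerable Extension backend."""
    backend = json.loads(net_conf_json).get("Backend") or {}
    return str(backend.get("Type", "")).lower() == "extension"

def backend_data_writes(audit_lines, expected_writers):
    """Return (user, node, value) for Node patch/update audit events whose body
    sets the backend-data annotation from a principal outside expected_writers.
    Assumes requestObject is present, i.e. Node writes are audited at RequestResponse level."""
    hits = []
    for line in audit_lines:
        ev = json.loads(line)
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "nodes" or ev.get("verb") not in ("patch", "update"):
            continue
        meta = (ev.get("requestObject") or {}).get("metadata") or {}
        ann = meta.get("annotations") or {}
        if BACKEND_DATA not in ann:
            continue
        user = (ev.get("user") or {}).get("username", "")
        if user not in expected_writers:
            hits.append((user, ref.get("name"), ann[BACKEND_DATA]))
    return hits

# Constructed sample: net-conf.json as stored in the kube-flannel-cfg ConfigMap (assumed
# layout) selecting the Extension backend; command values are placeholders, not real config.
NET_CONF = json.dumps({"Network": "10.244.0.0/16", "Backend": {
    "Type": "extension", "SubnetAddCommand": "<add cmd>", "SubnetRemoveCommand": "<remove cmd>"}})

def _event(user, verb, node, annotations=None):
    """Build one constructed Kubernetes audit event line (minimal fields only)."""
    ev = {"kind": "Event", "verb": verb, "user": {"username": user},
          "objectRef": {"resource": "nodes", "name": node}}
    if annotations is not None:
        ev["requestObject"] = {"metadata": {"annotations": annotations}}
    return json.dumps(ev)

# Constructed audit events: the flannel service account (assumed name) legitimately writes
# the annotation on its own node; a CI identity writing it to another node is unexpected.
FLANNEL_SA = "system:serviceaccount:kube-flannel:flannel"
AUDIT = [
    _event(FLANNEL_SA, "patch", "worker-1", {BACKEND_DATA: '{"VNI":1}'}),
    _event("ci-deployer", "patch", "worker-2", {BACKEND_DATA: "<unexpected value>"}),
    _event("ci-deployer", "get", "worker-2"),
]
```

Run `backend_data_writes(AUDIT, {FLANNEL_SA})` to get the single unexpected write by `ci-deployer` on `worker-2`; in a real cluster, feed it audit-log lines and the set of identities that are supposed to manage Node annotations.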
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
