Skip to main content
7 min read·1,304 words

Kubernetes Attack Vectors

Last reviewed: — verified against Kubernetes 1.36.

Kubernetes security threats arise from misconfigurations, weak access controls, and unprotected workloads. Attackers exploit these vulnerabilities to escalate privileges, move laterally, and compromise clusters. This page is the head reference for the major attack vector categories on this site, organized by the resource that is targeted and the privilege required to exploit it.

Why Attack Vectors Matter

Threat-led security work begins with understanding how clusters are actually compromised in the wild. The catalogue below maps to real techniques observed in MITRE ATT&CK for Containers and to public incidents involving exposed Kubernetes APIs, leaked service account tokens, and supply-chain compromise. Without this perspective, defensive work tends to optimise for compliance over actual exploitability.

Each linked article walks through the technique step by step, the attacker's preconditions, and the mitigation. Use the categories as a checklist when threat-modelling a new cluster or workload.

Mapping Attack Vectors to MITRE ATT&CK Tactics

The categories on this page align with MITRE ATT&CK for Containers. The table below shows where each category fits and the typical entry point an attacker exploits.

CategoryPrimary ATT&CK TacticTypical Entry PointPrivilege Gained
API and Control PlaneInitial Access, DiscoveryExposed API server, kubelet, or dashboardCluster admin via the API
Container and RuntimePrivilege Escalation, Lateral MovementPrivileged or hostPath workloadsNode root from a pod
Identity and AccessPrivilege Escalation, Credential AccessOverprivileged ServiceAccount tokensCluster-scoped permissions
NetworkLateral Movement, CollectionLack of NetworkPolicy or exposed servicePod-to-pod or pod-to-cloud reach
Secrets and DataCredential Access, CollectionPlain-text Secrets, mounted volumesApplication credentials, IAM keys
Supply ChainInitial Access, PersistenceTampered image, malicious chartCode execution at deploy time
Cloud InfrastructureCredential Access, DiscoveryPod access to instance metadataCloud IAM credentials
Policy and ConfigurationDefense Evasion, ImpactDisabled or bypassed admission controlPolicy bypass, resource exhaustion

Use this table to focus mitigation effort on the tactics that are most relevant for your threat model.

Attack Vector Categories

API and Control Plane Attacks

Container and Runtime Attacks

Identity and Access Attacks

Network Attacks

Secrets and Data Attacks

Supply Chain Attacks

Cloud Infrastructure Attacks

Policy and Configuration Attacks

Each article provides step-by-step exploitation techniques, real-world risks, and a link to the corresponding mitigation guide to help you harden your Kubernetes environments.

Risk Profile by Category

Different attack categories vary in attacker preconditions, blast radius, and detectability. Use this table to prioritise hardening effort.

CategoryAttacker PreconditionBlast RadiusDetection DifficultyPrimary Mitigation
Privileged Container EscapePod create with privileged: true or hostPathNode root, then any pod on the nodeHard without runtime toolingPod Security Admission (restricted) + seccomp
Service Account Token AbusePod compromise + reachable API serverWhatever the SA can do — often cluster-wideAudit logs onlyDisable automountServiceAccountToken, scope RBAC
Lack of Network PoliciesPod compromise in the same clusterEvery pod the policy would have blockedEasy with NetworkPolicy logging or eBPFDefault-deny NetworkPolicy per namespace
Compromised API ServerNetwork reach + missing TLS/authnCluster adminEasy with audit logsRestrict --anonymous-auth=false, mTLS, OIDC
Supply Chain AttacksTampered image or chart accepted by registryCluster admin at first deployHard — looks like normal trafficImage signing (Cosign), admission verification
Cloud Metadata Service AbusePod egress to 169.254.169.254Cloud account scoped to that IAM roleHard at the cluster layer; visible at the cloud layerBlock IMDS via NetworkPolicy or IRSA / Workload Identity
Insecure Secrets ManagementPod compromise or etcd readAll Secrets accessible to that scopeHard — Secrets reads are not audited by defaultKMS v2 encryption at rest, external secret stores

Try It: Live YAML Security Analyzer

Many of the attacks above start with a workload that should never have been admitted in the first place. Paste a Kubernetes manifest below to see whether it ships any of the high-risk patterns this section catalogues — privileged containers, host mounts, missing NetworkPolicy targeting, automounted SA tokens.

Open the full YAML Analyzer →

Version-Specific Notes (Kubernetes 1.36)

Several controls relevant to attack-vector mitigation have stabilised in recent Kubernetes versions:

  • Pod Security Admission — GA since 1.25. The restricted profile blocks the workload patterns behind privileged-escape, hostPath, and supplemental-group-injection vectors.
  • Anonymous authentication restriction — Beta in 1.31, GA in 1.33. The --anonymous-auth-config flag lets the API server accept anonymous requests only on specific endpoints (such as /healthz), eliminating the historic "anonymous can hit any path" exposure.
  • Bound ServiceAccount tokens — Default behaviour. Tokens are projected with audience and expiration, so the long-lived tokens that powered classic SA-token-abuse paths are no longer the default.
  • User namespaces (hostUsers: false) — GA in 1.33. Reduces the impact of container-escape vectors by mapping in-pod root to an unprivileged UID on the host.

Removed APIs that previously enabled common attacks:

  • PodSecurityPolicy — Removed in 1.25. Clusters that still rely on PSP are unprotected; migrate to PSA or a policy engine (Kyverno, Gatekeeper).
  • extensions/v1beta1 Ingress — Removed in 1.22. Use networking.k8s.io/v1, which supports modern path-type semantics and TLS configuration.

Always check the Kubernetes deprecation guide before upgrading; security-relevant fields move through alpha/beta gates that are tied to feature-gate flags on the API server.

Defensive Principles for Threat Modelling

These principles apply when reasoning about every category above.

Assume Breach

Design controls so that a single compromised pod cannot reach cluster admin. NetworkPolicy, RBAC scoping, and automountServiceAccountToken: false are the three controls that most often interrupt the escalation chain.

Map Privilege to Blast Radius

Before granting a permission, ask "what does compromise of this identity allow?". A ClusterRole with secrets/get cluster-wide is a single SSRF away from leaking every Secret in the cluster.

Detect at Runtime

Static admission catches known-bad manifests; runtime detection catches the unknown. Pair Pod Security Admission with Falco or Tetragon for behaviours that bypass policy.

Verify Provenance

Treat every image and chart as untrusted until proven otherwise. Image signing (Cosign, Notation) plus admission-time verification is the only durable answer to supply-chain attacks.

Security Warning

Educational Content Only

The information and scripts in this section are intended for educational and security research purposes only. They demonstrate how attackers exploit misconfigurations and vulnerabilities in Kubernetes clusters.

Do not run these techniques on production systems or unauthorized environments.

Use this content only in controlled, isolated testing environments where you have explicit permission. Misuse may violate company policies or legal regulations.

You are responsible for how you use this information.

Conclusion

The categories on this page cover the techniques that compromise real Kubernetes clusters. Pair each linked article with its corresponding best practice to close the gap between threat and mitigation, and use the YAML analyzer above to validate manifests before they reach production.