Privilege-Escalation on it-learn.io | IT, Networking & Cybersecurity Blog

Kubernetes RBAC Bypass: When Least Privilege Isn't Actually Configured

Mon, 20 Apr 2026 00:00:00 +0000

Kubernetes RBAC (Role-Based Access Control) is the cluster’s primary authorization system. Properly configured, it enforces least privilege so that a compromised pod, developer account, or CI/CD pipeline cannot escalate to cluster control. In practice, RBAC is frequently misconfigured in ways that create exactly the escalation paths it was designed to prevent.

The misconfigurations are often subtle: a wildcard that looks like a shortcut, a cluster-admin binding on a CI service account for convenience, a default service account left with auto-mounted tokens. This post maps the complete attack surface, demonstrates exploitation techniques, and provides the audit commands and policies to detect and remediate each issue.

Container Escape: Breaking Out of Docker Into the Host

Sun, 19 Apr 2026 00:00:00 +0000

Containers are not virtual machines. This is one of the most consequential misunderstandings in modern infrastructure security. Where a virtual machine has a full hypervisor isolation layer separating guest and host kernels, a container shares the host kernel directly. The isolation that makes containers lightweight — Linux namespaces and cgroups — is also what makes them escapable when misconfigured or when vulnerabilities are present.

This post examines how container isolation works at the kernel level, walks through the primary escape vectors with working demonstrations, covers real CVEs that enabled escapes, and provides a concrete detection and hardening framework.