
Target Industry

Indiscriminate, opportunistic targeting.

Overview

A high-severity Kubernetes vulnerability, tracked as CVE-2023-3676 (CVSSv3 score: 8.8), has been discovered which leaves all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges. Exploitation requires only that a threat actor inject a malicious YAML (YAML Ain’t Markup Language) file into the cluster.

Furthermore, proof-of-concept (PoC) code for the security flaw has been released.

Impact

Successful exploitation of CVE-2023-3676 would allow threat actors to perform RCE with system privileges on any Windows node of a target cluster, thereby compromising the integrity of data.

Vulnerability Detection

Akamai has released a kubectl command that allows users to determine whether any node in a cluster is a Windows node.

Affected Products

All Kubernetes versions prior to 1.28.
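The check described under Vulnerability Detection, combined with the version threshold given under Affected Products, as an added example that is not Akamai's command or code and not part of the original bulletin: a Python script that reads the output of `kubectl get nodes -o json` and lists Windows nodes whose kubelet predates the 1.28 release line. The node names, versions and embedded sample JSON are constructed for illustration; the `kubernetes.io/os` label and the `status.nodeInfo.kubeletVersion` / `operatingSystem` fields are standard Kubernetes node fields.

```python
"""Flag Windows nodes whose kubelet predates the Kubernetes release line the
bulletin names as fixed (1.28). Feed it `kubectl get nodes -o json` on stdin."""
import json
import re
import sys

# The bulletin lists all Kubernetes versions prior to 1.28 as affected.
# Check the upstream advisory for the exact patch level of your release branch.
FIXED_MINOR = (1, 28)

# Constructed sample in the shape of `kubectl get nodes -o json`; not real cluster data.
SAMPLE_NODES_JSON = json.dumps({
    "kind": "NodeList",
    "items": [
        {"metadata": {"name": "win-worker-1",
                      "labels": {"kubernetes.io/os": "windows"}},
         "status": {"nodeInfo": {"kubeletVersion": "v1.27.3",
                                 "operatingSystem": "windows"}}},
        {"metadata": {"name": "win-worker-2",
                      "labels": {"kubernetes.io/os": "windows"}},
         "status": {"nodeInfo": {"kubeletVersion": "v1.28.0",
                                 "operatingSystem": "windows"}}},
        {"metadata": {"name": "linux-worker-1",
                      "labels": {"kubernetes.io/os": "linux"}},
         "status": {"nodeInfo": {"kubeletVersion": "v1.26.5",
                                 "operatingSystem": "linux"}}},
    ],
})

# Kubelet versions look like "v1.27.3" or "v1.27.3-eks-abc"; only major.minor matters here.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)")


def parse_major_minor(version):
    """Return (major, minor) from a kubelet version string."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised kubelet version: {version!r}")
    return int(m.group(1)), int(m.group(2))


def is_windows_node(node):
    """A node counts as Windows if either the kubernetes.io/os label or nodeInfo says so."""
    labels = node.get("metadata", {}).get("labels", {})
    node_info = node.get("status", {}).get("nodeInfo", {})
    return (labels.get("kubernetes.io/os", "").lower() == "windows"
            or node_info.get("operatingSystem", "").lower() == "windows")


def find_exposed_windows_nodes(nodes_json, fixed_minor=FIXED_MINOR):
    """Return [(name, kubelet_version)] for Windows nodes below the fixed release line."""
    exposed = []
    for node in json.loads(nodes_json).get("items", []):
        if not is_windows_node(node):
            continue
        name = node["metadata"]["name"]
        version = node["status"]["nodeInfo"]["kubeletVersion"]
        if parse_major_minor(version) < fixed_minor:
            exposed.append((name, version))
    return exposed


if __name__ == "__main__":
    # Use piped kubectl output when present, otherwise fall back to the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NODES_JSON
    hits = find_exposed_windows_nodes(data)
    for name, version in hits:
        print(f"{name}: Windows node on kubelet {version} "
              f"(below {FIXED_MINOR[0]}.{FIXED_MINOR[1]})")
    if not hits:
        print("no Windows nodes below the fixed release line found")
```

Run it against a live cluster with `kubectl get nodes -o json | python3 check_nodes.py` (the file name is assumed). Nodes it reports are the ones to prioritise for patching; a cluster with no Windows nodes, or whose Windows nodes all run 1.28 or later, returns an empty list.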

Containment, Mitigations & Remediations

It is strongly recommended that the relevant security patch be applied as soon as possible to mitigate potential exploitation of CVE-2023-3676.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Kubernetes occupies a significant proportion of the cluster-management market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, cluster-based products could emerge as a prime target for threat actors. Due to the fact that Kubernetes clusters have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to exfiltrate the sensitive data contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Tactic:

TA0002 – Execution

Further Information

Akamai Blog
