Is github.com/flannel-io/flannel affected by CVE-2026-32241?

Go github.com/flannel-io/flannel is affected in <0.28.2.

Is CVE-2026-32241 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.7%.

medium

CVE-2026-32241

Q: Is CVE-2026-32241 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.7%.

Go · github.com/flannel-io/flannel

Summary

Flannel has cross-node remote code execution via extension backend BackendData injection in github.com/flannel-io/flannel

Severity: medium
EPSS: 2.7% (p84)
Also known as: GHSA-vchx-5pr6-ffx2, GO-2026-4894
Published: 2026-04-02

References

https://github.com/flannel-io/flannel/security/advisories/GHSA-vchx-5pr6-ffx2
https://nvd.nist.gov/vuln/detail/CVE-2026-32241
https://github.com/flannel-io/flannel/commit/08bc9a4c990ae785d2fcb448f4991b58485cd26a

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.