Is github.com/ctfer-io/chall-manager/deploy affected by CVE-2026-32768?

Go github.com/ctfer-io/chall-manager/deploy is affected in <0.6.5.

Is CVE-2026-32768 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

medium

CVE-2026-32768

Q: Is CVE-2026-32768 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

Go · github.com/ctfer-io/chall-manager/deploy • Go · github.com/ctfer-io/chall-manager/sdk

Summary

Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace in github.com/ctfer-io/chall-manager/deploy

Severity: medium
EPSS: 0.3% (p20)
Also known as: GHSA-mw24-f3xh-j3qv, GHSA-mw24-f3xh-j3qv#github.com/ctfer-io/chall-manager/deploy, GHSA-mw24-f3xh-j3qv#github.com/ctfer-io/chall-manager/sdk, GO-2026-4718, GO-2026-4718#github.com/ctfer-io/chall-manager/deploy, GO-2026-4718#github.com/ctfer-io/chall-manager/sdk
Published: 2026-03-26

References

https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-mw24-f3xh-j3qv
https://nvd.nist.gov/vuln/detail/CVE-2026-32768
https://github.com/ctfer-io/chall-manager/commit/dc5ef27dfed2befef7f506ab8ca14d062b0d79c5

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.