Copy Fail: From Unprivileged Pod to Kubernetes Node Root
This article covers two complementary paths: the CNI wrapper staging chain, and the fully autonomous operator-SA compromise that eliminates the external trigger dependency. Both are proven on Talos Linux v1.12.4, Cilium v1.18.x, kernel 6.18.9. Update (May 5th): code and building blocks on GitHub: https://github.com/clementnuss/copyfail-cve-exploits Context I work at PostFinance, where we run a Kubernetes platform supporting banking workloads. Our production clusters run Debian 12 with kernel 6.1.158+, which happens to be not vulnerable to CVE-2026-31431 (more on that at the end). ...