Tag: Kubernetes

Container Escape Prevention: What Stops a Compromised Pod From Owning the Node
A container with hostPID, hostNetwork, or privileged mode enabled is not meaningfully isolated from the host — it is a shell on the node with extra steps.

Kubernetes RBAC Over-Permissioning: Finding and Fixing cluster-admin Sprawl
cluster-admin bindings are the sudo of Kubernetes — they bypass all RBAC controls, and in most production clusters, they are assigned to more subjects than anyone realizes.
