
Kubernetes v1.36 Fixes Critical Kubelet API Permission Flaw with New Authorization Feature Now GA

Last updated: 2026-05-02 07:31:13 · Cloud Computing

Breaking: Kubernetes v1.36 Ships GA Authorization to Fix Kubelet API Vulnerability

The Kubernetes community just released version 1.36, making fine-grained kubelet API authorization generally available (GA). This feature replaces the dangerous nodes/proxy permission, which previously let any workload holding it run arbitrary commands inside containers.


"This is a major security milestone," said the Kubernetes SIG Auth and SIG Node teams in a joint announcement. "For years, the coarse-grained model forced administrators to grant overly broad access, creating an unacceptable blast radius."

The KubeletFineGrainedAuthz feature gate is now locked to enabled. It was introduced as alpha in v1.32, became beta by default in v1.33, and now reaches GA in v1.36.

Background: The nodes/proxy Problem

The kubelet exposes an HTTPS API containing pod listings, node metrics, container logs, and exec endpoints — the latter allowing command execution inside running containers. Previously, webhook authorization mapped nearly all kubelet API paths to a single nodes/proxy subresource.

This meant any monitoring agent, log collector, or health checker needed that same permission to read metrics. If compromised, an attacker could immediately execute commands in every container on the node. The community tracked this issue in kubernetes/kubernetes#83465 for years, driving the creation of KEP-2862.

The WebSocket RCE Risk

The danger extends beyond read access. Security researchers in early 2026 demonstrated that nodes/proxy GET alone — even the minimal read-only permission — can be abused to execute commands. The root cause lies in how WebSocket connections bypass RBAC checks.

"The WebSocket handshake uses an HTTP GET, which the kubelet maps to the get verb. It never verifies that create permission exists for the subsequent write operation," researchers explained. An attacker can use a tool like websocat to reach the /exec endpoint directly on port 10250 and run arbitrary payloads:

websocat --insecure --header "Authorization: Bearer $TOKEN" --protocol v4.channel.k8s.io "wss://$NODE_IP:10250/exec/default/nginx/nginx?ou"

This flaw turns any monitoring tool with nodes/proxy GET into a potential remote code execution vector.

What This Means

With v1.36, administrators can now apply least-privilege access to specific kubelet endpoints. Instead of granting blanket nodes/proxy, they can give monitoring agents only the metrics or logs permissions they need, while blocking exec access entirely.
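As an added illustration (not from the article or the Kubernetes project), here is the coarse ClusterRole a metrics collector typically carried before v1.36, beside a least-privilege replacement that uses the fine-grained kubelet subresources. The subresource names nodes/metrics, nodes/stats, nodes/log and nodes/pods are assumed from KEP-2862; the role and service account names are placeholders.

```yaml
# BEFORE: the coarse grant. "get" on nodes/proxy reaches /metrics and /logs,
# but also the /exec WebSocket handshake the article describes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-collector-broad        # placeholder name
rules:
- apiGroups: [""]
  resources: ["nodes/proxy"]
  verbs: ["get"]
---
# AFTER (v1.36, KubeletFineGrainedAuthz GA): grant only the kubelet
# endpoints the collector actually reads. With no nodes/proxy rule, the
# kubelet denies /exec, /attach and /portForward for this identity.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-collector-least-privilege   # placeholder name
rules:
- apiGroups: [""]
  resources:
  - nodes/metrics   # /metrics, /metrics/cadvisor, /metrics/resource
  - nodes/stats     # /stats/summary
  - nodes/log       # /logs
  - nodes/pods      # /pods (fine-grained subresource from KEP-2862)
  verbs: ["get"]
---
# Bind the narrow role to the collector's service account (placeholder names).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-collector-least-privilege
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-collector-least-privilege
subjects:
- kind: ServiceAccount
  name: collector
  namespace: monitoring
```

After applying the narrow role, confirm the change took effect with `kubectl auth can-i get nodes/proxy --as=system:serviceaccount:monitoring:collector` (expected: no) and `kubectl auth can-i get nodes/metrics --as=system:serviceaccount:monitoring:collector` (expected: yes).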

This dramatically reduces the blast radius of a compromised workload. The feature also enables finer audit trails and simplifies compliance with security frameworks. Teams should upgrade to Kubernetes v1.36 as soon as possible.

"This is not just a nice-to-have — it's a critical fix for a vulnerability that has been exploited in the wild," warned the security research team. "Deploying this GA feature is the only way to fully eliminate the nodes/proxy WebSocket RCE risk."