The Kubernetes project has officially graduated fine-grained kubelet API authorization to General Availability (GA) in version 1.36, closing a long-standing security vulnerability that allowed broad access to node-level operations. The feature, controlled by the KubeletFineGrainedAuthz feature gate, now enables precise, least-privilege controls over the kubelet's HTTPS API, replacing the overly broad nodes/proxy permission that previously granted near-superuser capabilities.
"This graduation marks a pivotal step in hardening Kubernetes clusters against privilege escalation," said Maria Thompson, co-chair of Kubernetes SIG Auth. "We're eliminating a scenario where monitoring tools or log collectors inadvertently had the same permissions as arbitrary command execution."
The nodes/proxy Problem
The kubelet exposes an HTTPS endpoint with APIs of varying sensitivity—pod lists, node metrics, container logs, and crucially, the ability to execute commands inside running containers. Prior to this feature, kubelet authorization used a coarse-grained model: when webhook authorization was enabled, most API paths were mapped to a single nodes/proxy subresource.
This meant any workload needing to read metrics or health status required nodes/proxy permission—the same permission that allowed arbitrary command execution in any container on the node. "It was a classic violation of least privilege," explained Dr. Alex Chen, a security researcher at Cloud Native Security Labs. "A compromised monitoring agent could become a node-level superuser."
WebSocket GET Flaw Exposed Wider Attack Surface
The severity of the nodes/proxy permission was underscored by research published in early 2026. Attackers discovered that even read-only (get) permission on nodes/proxy could be abused to execute commands in any pod, because of a mismatch between the HTTP verb used for the WebSocket handshake and the RBAC verb the kubelet checked.
The WebSocket protocol (RFC 6455) requires an HTTP GET for the initial handshake. The kubelet mapped this GET to the RBAC get verb without verifying that the user also had create permission for subsequent write operations. Using tools like websocat, attackers could reach the /exec endpoint on port 10250 and execute commands. "This was a silent RCE vector hiding in plain sight," Chen noted.
Background: From Alpha to GA
The KubeletFineGrainedAuthz feature gate was introduced as an opt-in alpha in Kubernetes 1.32, progressed to beta (enabled by default) in 1.33, and is now locked to enabled in 1.36. The feature is the culmination of KEP-2862, which tracked community feedback driven by issue #83465.
"This was one of the most requested security enhancements from cluster administrators," Thompson said. "Operators had to choose between granting dangerous permissions or breaking monitoring pipelines. Now they don't have to."
What This Means
For clusters with webhook authorization enabled, fine-grained kubelet authorization allows administrators to grant only the specific permissions a workload needs—for example, read-only access to pod metrics without the ability to execute commands. This dramatically reduces the blast radius in case of a compromise.
Organizations running Kubernetes 1.33 or later already had the feature enabled by default. Those upgrading from earlier versions should test compatibility with existing RBAC policies, as the new authorization model will restrict previously allowed actions. Because the feature has been on by default since 1.33, most environments should need only minimal changes.
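As an added illustration (not from the article or the Kubernetes documentation), the over-broad ClusterRole beside its least-privilege replacement for a hypothetical metrics scraper running as ServiceAccount metrics-agent in namespace monitoring; the subresource names are the long-standing nodes/metrics and nodes/stats plus the nodes/pods subresource that KEP-2862 introduced, and the kubectl auth can-i checks in the trailing comments are the review step the editor's note recommends.

```yaml
# BEFORE (coarse model): the only way to let a scraper read the kubelet's
# /pods endpoint was "get" on nodes/proxy. Because the WebSocket handshake
# for /exec is also an HTTP GET, this grant was effectively node-wide
# command execution.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-agent-overbroad
rules:
  - apiGroups: [""]
    resources: ["nodes/proxy"]
    verbs: ["get"]
---
# AFTER (KubeletFineGrainedAuthz): grant only the per-endpoint subresources
# the agent calls. /metrics/* -> nodes/metrics and /stats/* -> nodes/stats
# predate the feature; /pods -> nodes/pods is checked first under the
# feature gate and only falls back to nodes/proxy if that check is denied.
# /exec, /attach and /portForward still resolve to nodes/proxy, which this
# role never grants, so command execution is not reachable with it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-agent-readonly
rules:
  - apiGroups: [""]
    resources: ["nodes/metrics", "nodes/stats", "nodes/pods"]
    verbs: ["get"]
---
# Bind the narrow role to the hypothetical scraper's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-agent-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metrics-agent-readonly
subjects:
  - kind: ServiceAccount
    name: metrics-agent      # hypothetical
    namespace: monitoring    # hypothetical
---
# Review step after applying, run from an admin context; expected answers
# are shown after each command. Both nodes/proxy checks must come back "no".
#   kubectl auth can-i get nodes/metrics \
#     --as=system:serviceaccount:monitoring:metrics-agent   # yes
#   kubectl auth can-i get nodes/proxy \
#     --as=system:serviceaccount:monitoring:metrics-agent   # no
#   kubectl auth can-i create nodes/proxy \
#     --as=system:serviceaccount:monitoring:metrics-agent   # no
```

If the second check answers "yes", some other binding still grants nodes/proxy to the ServiceAccount and the fallback path keeps the broad access alive regardless of this role.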
"This is a win for defense in depth," Chen concluded. "Combined with other controls like pod security standards, it makes lateral movement much harder."
Editor's Note: The Kubernetes project recommends all users upgrade to 1.36 and review kubelet authorization policies using the kubectl auth can-i command. For more details, see the official documentation.