KubeDojo

Malicious Code Execution and Container Escape

by Alexis Kinsella · 17 min read

A compromised container is bad. A container escape is catastrophic. Once an attacker breaks out of the container boundary, they land on the node itself, with access to the kubelet's credentials, the host filesystem, and every other pod scheduled on that machine. From there, lateral movement to the rest of the cluster is a matter of minutes.

The CNCF Kubernetes Threat Model identifies malicious code execution as one of its primary attack tree goals, alongside persistence and denial of service. The attack surface is the shared kernel: every container on a node makes its system calls into the same Linux kernel, separated from its neighbours only by namespaces and cgroups, plus whatever capability set, seccomp filter and LSM (AppArmor or SELinux) profile the pod's securityContext and the container runtime apply. Those extra layers are what decide whether a kernel bug or a misconfiguration reaches the host; when they are absent and the namespace boundary breaks, nothing else holds.
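The quickest way to see how thin that boundary is from inside a running container is to read the kernel's own view of the process: /proc/self/status reports the effective capability mask (CapEff), whether a seccomp filter is attached, and whether no_new_privs is set. The script below is an added example written for this lesson, not KubeDojo's or the CNCF threat model's code. It decodes those fields, flags the capabilities most often involved in escapes (the ESCAPE_CAPS selection is this example's own judgement), and runs over three constructed /proc status samples: a privileged pod, a pod with no securityContext on a runtime that grants the Docker/containerd default capability set, and a hardened pod. It assumes Linux for the live check and returns None elsewhere.

```python
"""Decode the kernel isolation state of a container process from /proc/self/status.

Added example for this lesson (not KubeDojo or CNCF code). Linux-only for the live
check; the three status samples below are constructed, not captured from a cluster.
"""

# Capability numbers from linux/capability.h; index == capability number.
CAP_NAMES = (
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid",          # 0-4
    "kill", "setgid", "setuid", "setpcap", "linux_immutable",                 # 5-9
    "net_bind_service", "net_broadcast", "net_admin", "net_raw", "ipc_lock",  # 10-14
    "ipc_owner", "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace",       # 15-19
    "sys_pacct", "sys_admin", "sys_boot", "sys_nice", "sys_resource",         # 20-24
    "sys_time", "sys_tty_config", "mknod", "lease", "audit_write",            # 25-29
    "audit_control", "setfcap", "mac_override", "mac_admin", "syslog",        # 30-34
    "wake_alarm", "block_suspend", "audit_read", "perfmon", "bpf",            # 35-39
    "checkpoint_restore",                                                     # 40
)

# Capabilities that routinely turn a container foothold into host access
# (mounting host devices, ptrace across the node, loading kernel modules,
# reading any host file, raw block I/O, loading eBPF). Example's own selection.
ESCAPE_CAPS = frozenset({
    "sys_admin", "sys_ptrace", "sys_module", "dac_read_search", "sys_rawio", "bpf",
})

# Constructed samples (assumption: trimmed to the fields this script reads).
PRIVILEGED_STATUS = "Name:\tsh\nCapEff:\t000001ffffffffff\nSeccomp:\t0\nNoNewPrivs:\t0\n"
# 0xa80425fb is the Docker/containerd default capability mask (14 capabilities).
DEFAULT_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\nSeccomp:\t0\nNoNewPrivs:\t0\n"
# drop: [ALL], seccompProfile RuntimeDefault, allowPrivilegeEscalation: false.
HARDENED_STATUS = "Name:\tsh\nCapEff:\t0000000000000000\nSeccomp:\t2\nNoNewPrivs:\t1\n"


def decode_caps(hexmask):
    """Turn a CapEff/CapBnd hex mask into the set of capability names it grants."""
    mask = int(hexmask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def parse_status(text):
    """Parse the isolation-relevant fields of a /proc/<pid>/status document."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    caps = decode_caps(fields.get("CapEff", "0"))
    return {
        "caps": caps,
        "escape_caps": sorted(caps & ESCAPE_CAPS),
        # Seccomp: 0 = disabled, 1 = strict, 2 = filter (what RuntimeDefault gives you)
        "seccomp": int(fields.get("Seccomp", "0")),
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }


def findings(status):
    """Human-readable list of isolation gaps; empty means every layer is in place."""
    out = []
    if status["caps"] >= set(CAP_NAMES):
        out.append("full capability set: effectively a privileged container")
    for cap in status["escape_caps"]:
        out.append(f"holds CAP_{cap.upper()}: commonly enough to reach the host")
    if status["seccomp"] == 0:
        out.append("no seccomp filter: the full syscall surface of the shared kernel is reachable")
    if not status["no_new_privs"]:
        out.append("no_new_privs unset: setuid/file-capability binaries can still raise privileges")
    return out


def audit_self():
    """Audit the calling process; returns None where /proc is unavailable (non-Linux)."""
    try:
        with open("/proc/self/status") as fh:
            return parse_status(fh.read())
    except OSError:
        return None


if __name__ == "__main__":
    samples = [("privileged", PRIVILEGED_STATUS), ("default", DEFAULT_STATUS),
               ("hardened", HARDENED_STATUS)]
    live = audit_self()
    if live is not None:
        samples.append(("this process", None))
    for label, text in samples:
        status = live if text is None else parse_status(text)
        print(f"[{label}] {len(status['caps'])} caps, seccomp={status['seccomp']}, "
              f"no_new_privs={status['no_new_privs']}")
        for finding in findings(status) or ["no isolation gaps found"]:
            print("   -", finding)
```

Running it inside a pod (python3 on the image, or copy the file in with kubectl cp) prints the three samples and then the live process. Compare the CapEff mask it reports with the securityContext you thought you had applied: a mask of 000001ffffffffff means privileged: true got through, and Seccomp: 0 means the kubelet is not applying RuntimeDefault for that pod.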

Part of the KCSA — Kubernetes and Cloud Native Security Associate course (39 lessons).