Inside Job: Defending Kubernetes Clusters Against Network Misconfigurations

📅 2025-06-26
🤖 AI Summary
This study systematically reveals the significant impact of network misconfigurations on lateral movement attack risks in Kubernetes clusters. Addressing the limited coverage of existing detection tools, we propose a security assessment framework that integrates static configuration analysis with lateral movement path modeling. We conduct a large-scale, cross-organizational empirical study across 287 open-source applications, identifying, for the first time, 634 real-world network misconfiguration vulnerabilities, far exceeding the detection capacity of mainstream tools. Our findings have driven remediation efforts in over 30 critical open-source projects; the proposed mitigation strategies have been adopted by multiple enterprises, substantially enhancing network isolation and overall security posture in production Kubernetes deployments.

📝 Abstract
Kubernetes has emerged as the de facto standard for container orchestration. Unfortunately, its increasing popularity has also made it an attractive target for malicious actors. Despite extensive research on securing Kubernetes, little attention has been paid to the impact of network configuration on the security of application deployments. This paper addresses this gap by conducting a comprehensive analysis of network misconfigurations in a Kubernetes cluster with specific reference to lateral movement. Accordingly, we carried out an extensive evaluation of 287 open-source applications belonging to six different organizations, ranging from IT companies and public entities to non-profits. As a result, we identified 634 misconfigurations, well beyond what could be found by solutions in the state of the art. We responsibly disclosed our findings to the concerned organizations and engaged in a discussion to assess their severity. As of now, misconfigurations affecting more than thirty applications have been fixed with the mitigations we proposed.

Problem

Research questions and friction points this paper is trying to address.

Analyzing Kubernetes network misconfigurations affecting security
Identifying lateral movement risks in Kubernetes deployments
Evaluating real-world misconfigurations in 287 open-source applications

Innovation

Methods, ideas, or system contributions that make the work stand out.

Analyzing Kubernetes network misconfigurations comprehensively
Evaluating 287 open-source apps for security flaws
Proposing mitigations fixing thirty-plus app misconfigurations