Kubernetes Secrets API Exposure Probe for 2026-03-04

Last Updated: 12:10 UTC

Direct requests to /api/v1/namespaces/{ns}/secrets attempt to read all Kubernetes secrets in the namespace from a misconfigured or unauthenticated kube-apiserver. A successful response exposes service account tokens, TLS keys, and application credentials.

MITRE ATT&CK

Tactic: Credential Access (TA0006)
Technique: T1552.007 — Container API

Observed URIs

  • /api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs
  • /k8s/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs
  • /api/v1/namespaces/default/secrets

Attackers by Country

IP Address : ASN : City/Provider

Share on: