
kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package - StepSecurity

www.stepsecurity.io/blog/kubernetes-el-compromised-how-a-pwn-request-exploited-a-popular-emacs-package

On March 5, 2026, a threat actor exploited a classic "Pwn Request" vulnerability in the CI workflow of kubernetes-el/kubernetes-el, a popular Emacs package for managing Kubernetes clusters. The attacker stole the repository's GITHUB_TOKEN (with full write permissions), exfiltrated CI/CD secrets, defaced the repository, and injected destructive code.

The package has since been removed from MELPA (a popular third-party Emacs package repository) and blocked from updating on the Emacsmirror, affecting users who depend on it for Kubernetes management within Emacs.
