Kubernetes hostPort allows services traffic interception when using kube-proxy IPVS (CVE-2019-9946)
Host MITM attack via IPv6 rogue router advertisements (K8S / Docker / LXD / WSL2 / )
Bridge firewalling "bypass" using VLAN 0
Kubernetes MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)
Metadata service MITM allows root privilege escalation (EKS / GKE)