Admission-controller abuse TL;DR: Webhook-failure-policy and TOCTOU between admission and runtime as bypass primitives. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO