Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
7DescriptionGitHub Advisory
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability - the configMap.namespace field accepts any namespace with zero validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account. This is a complete RBAC bypass in multi-tenant Kubernetes clusters. An updated fix is available in version 1.17.2.
AnalysisAI
Cross-namespace privilege escalation in Kyverno 1.17.x allows authenticated namespace administrators to bypass RBAC controls and read ConfigMaps from any Kubernetes namespace. The vulnerability exploits unvalidated configMap.namespace field in Kyverno's ConfigMap context loader, enabling attackers to leverage Kyverno's privileged service account permissions. This is a regression following incomplete fix for CVE-2026-22039, which addressed the same issue in apiCall context but missed the ConfigMap loader. Patch available in version 1.17.2. CVSS 7.7 with Changed Scope indicates significant multi-tenant cluster risk; EPSS data not available but the regression nature and RBAC bypass impact warrant immediate patching in multi-tenant environments.
Technical ContextAI
Kyverno is a Kubernetes-native policy engine that operates with elevated cluster privileges to enforce policies across namespaces. The vulnerability resides in Kyverno's ConfigMap context loader, which allows policy authors to reference external ConfigMaps as context data sources. The configMap.namespace parameter accepts arbitrary namespace values without validation against the requesting user's RBAC permissions. When a policy containing a ConfigMap context is evaluated, Kyverno's service account (which has cluster-wide read access) fetches the ConfigMap regardless of whether the policy author has permissions to that namespace. This violates the principle of least privilege and creates a confused deputy problem where Kyverno acts as a privilege escalation proxy. The root cause is CWE-863 (Incorrect Authorization), specifically missing authorization checks in the context loading phase. This mirrors CVE-2026-22039's URLPath validation issue but affects a different code path, indicating incomplete threat modeling during the original fix.
RemediationAI
Upgrade to Kyverno version 1.17.2 or later, as confirmed by vendor advisory GHSA-cvq5-hhx3-f99p and fix commit bbf3e5c01391d612968440659028ae98e565a777. For clusters unable to immediately upgrade, implement these compensating controls: First, audit all Kyverno policies for ConfigMap context usage with kubectl get clusterpolicies,policies --all-namespaces -o yaml | grep -A5 'configMap:' and review namespace references for cross-namespace access patterns. Second, restrict policy creation permissions to cluster administrators only by removing create/update verbs for Policy and ClusterPolicy resources from namespace-scoped RoleBindings (trade-off: reduces self-service policy management). Third, move sensitive ConfigMaps to a dedicated restricted namespace with network policies blocking pod access, relying on Kyverno's inability to enforce network-level isolation (trade-off: requires ConfigMap migration and application reconfiguration). Fourth, enable Kubernetes audit logging for ConfigMap read events from Kyverno's service account to detect exploitation attempts with audit.k8s.io/v1 rules (trade-off: increased log volume and analysis overhead). None of these workarounds fully mitigate the vulnerability; upgrade remains the only complete remediation. Vendor advisory: https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25382
GHSA-cvq5-hhx3-f99p