Is Kyverno affected by CVE-2026-41323?

Kyverno versions prior to 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 contain an authentication token exfiltration vulnerability in the apiCall feature that allows authenticated cluster users to steal the admission controller's ServiceAccount token and achieve full cluster compromise.

Kyverno CVE-2026-41323

EUVD-2026-25389 HIGH

Information Exposure (CWE-200)

2026-04-24 GitHub_M

GHSA-f9g8-6ppc-pqq4

Information Disclosure Suse

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 12:22 vuln.today

cvss_changed

Patch available

Apr 24, 2026 - 05:31 EUVD

Analysis Generated

Apr 24, 2026 - 04:30 vuln.today

DescriptionNVD

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation - it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue.

AnalysisAI

Kyverno's apiCall feature automatically attaches the admission controller's ServiceAccount token to HTTP requests without validating the destination URL, enabling authenticated attackers to exfiltrate tokens to attacker-controlled servers and achieve full cluster compromise through webhook configuration tampering. Affects Kyverno versions prior to 1.18.0-rc1, 1.17.2-rc1, and 1.16.4. …

RemediationAI

Within 24 hours: Inventory all Kyverno deployments and identify version numbers; isolate or restrict network egress from Kyverno pods to prevent token exfiltration. Within 7 days: Apply vendor-released patches-upgrade to Kyverno 1.18.0-rc1 or later, 1.17.2-rc1 or later, or 1.16.4 or later depending on your current branch. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-6920 CRITICAL Act Now

9.6 Apr 23

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromi

CVE-2026-6919 CRITICAL Act Now

9.6 Apr 23

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the re

CVE-2026-41196 CRITICAL Act Now

9.0 Apr 23

Remote code execution in Luanti 5.0.0 through 5.15.1 allows authenticated attackers to escape the Lua sandbox via malici

CVE-2026-6921 HIGH This Week

8.3 Apr 23

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandb

CVE-2026-41477 HIGH This Week

7.8 Apr 24

Local privilege escalation in Deskflow (all versions up to 1.20.0 stable and 1.26.0.134 continuous) allows any low-privi

Vendor StatusVendor

CVE-2026-41323 vulnerability details – vuln.today

Back