Skip to main content

Kyverno CVE-2026-41323

| EUVDEUVD-2026-25389 HIGH
Information Exposure (CWE-200)
2026-04-24 GitHub_M GHSA-f9g8-6ppc-pqq4
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

7
Patch released
Apr 27, 2026 - 17:53 nvd
Patch available
Re-analysis Queued
Apr 24, 2026 - 12:22 vuln.today
cvss_changed
Patch available
Apr 24, 2026 - 05:31 EUVD
Analysis Generated
Apr 24, 2026 - 04:30 vuln.today
EUVD ID Assigned
Apr 24, 2026 - 04:00 euvd
EUVD-2026-25389
Analysis Generated
Apr 24, 2026 - 04:00 vuln.today
CVE Published
Apr 24, 2026 - 03:21 nvd
HIGH 8.1

DescriptionGitHub Advisory

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation - it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue.

AnalysisAI

Kyverno's apiCall feature automatically attaches the admission controller's ServiceAccount token to HTTP requests without validating the destination URL, enabling authenticated attackers to exfiltrate tokens to attacker-controlled servers and achieve full cluster compromise through webhook configuration tampering. Affects Kyverno versions prior to 1.18.0-rc1, 1.17.2-rc1, and 1.16.4. Vendor-released patches available across all three affected version branches. EPSS data not provided, but the vulnerability enables privilege escalation from low-privilege Kubernetes user to cluster admin via token theft, representing critical risk in multi-tenant environments.

Technical ContextAI

Kyverno is a Kubernetes policy engine that uses admission webhooks to enforce policies. The vulnerable apiCall feature allows ClusterPolicy resources to make external HTTP calls during policy evaluation. The flaw (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor) lies in the automatic attachment of the admission controller's ServiceAccount token to these HTTP requests combined with complete absence of URL validation. In Kubernetes RBAC architecture, the admission controller ServiceAccount requires elevated privileges including the ability to patch MutatingWebhookConfiguration and ValidatingWebhookConfiguration resources to manage its own webhook endpoints. By directing apiCall to an attacker-controlled HTTPS endpoint, the ServiceAccount bearer token is leaked in the Authorization header, which can then be replayed to the Kubernetes API server with full admission controller privileges.

RemediationAI

Upgrade Kyverno to patched versions: 1.18.0-rc1 or later for 1.18.x deployments, 1.17.2-rc1 or later for 1.17.x deployments, or 1.16.4 or later for 1.16.x deployments. Patches implement URL validation and restrict ServiceAccount token attachment in apiCall features per commits bc4f91c, c2eab00, and f70e8ac. If immediate patching is not feasible, implement compensating controls by restricting ClusterPolicy create/update RBAC permissions to only highly trusted administrators (reducing attack surface to PR:H effectively), deploying network policies to block egress from the kyverno admission controller pods to external networks (prevents token exfiltration but may break legitimate apiCall use cases requiring external connectivity), and enabling comprehensive audit logging for ClusterPolicy modifications and admission controller network connections to detect exploitation attempts. Review existing ClusterPolicy resources for unexpected apiCall directives pointing to non-organizational domains. Note that egress blocking will disable all external apiCall functionality, potentially breaking legitimate policy workflows. Full remediation details at https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-41323 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy