Skip to content
CVSS 8.1 · HIGH

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue.

View on NVD

Analysis

Kyverno users should update immediately to address a high-severity flaw in ClusterPolicy API calls. The admission controller's high-privilege ServiceAccount token is automatically attached to outgoing requests without URL validation, allowing an attacker to steal the token and achieve full cluster compromise. Patches are available in versions 1.16.4, 1.17.2-rc1, and 1.18.0-rc1.

Severity

Score: 8.1(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: NONE
Weakness (CWE): CWE-200CWE-918

EPSS

Probability of exploitation (next 30 days): 0.0003 (0.0%)
Percentile: 7.1%
EPSS: 2026-05-06

Affects

kyverno:kyverno

Technical description

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue.

Published: 4/24/2026, 4:16:20 AM
Last modified: 4/27/2026, 5:53:22 PM

References

HomeEventsBlogResourcesTeam