2 matches found
CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call
Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...
CVE-2026-42541
CVE-2026-42541 (Kubewarden RBAC Reconnaissance) : Affected Kubewarden versions allow an attacker with privileged AdmissionPolicy/AdmissionPolicyGroup create permissions to abuse the can_i host callback, which forwards a SubjectAccessReview (SAR) to the policy-server with elevated privileges. This...