5 matches found
Duplicate Advisory: Kyverno is vulnerable to server-side request forgery (SSRF)
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rggm-jjmc-3394. This link is maintained to preserve external references. Original Description: Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...
CVE-2026-4789
Kyverno (versions 1.16.0 to present) contains a server-side request forgery (SSRF) in its CEL-based HTTP functions (Get and Post). The http.go library does not validate or scope URLs, allowing an attacker with namespace-level permissions to craft a malicious namespaced policy that issues arbitrar...
PT-2026-29129
Name of the Vulnerable Software and Affected Versions: Kyverno versions 1.16.0 and later. Description: Kyverno is susceptible to Server-Side Request Forgery (SSRF) because of unrestricted Common Expression Language (CEL) HTTP functions. Recommendations: Update to a newer version that contains a fix for...
CVE-2024-38769
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Arconix Shortcodes: from n/a through 2.1.11...
CVE-2022-45891
Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList)...