6 matches found
BIT-KYVERNO-2026-4789 CVE-2026-4789
Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...
GHSA-QQRV-2HCH-83Q4 Duplicate Advisory: Kyverno is vulnerable to server-side request forgery (SSRF)
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rggm-jjmc-3394. This link is maintained to preserve external references. Original Description: Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...
CVE-2026-4789
Kyverno (versions 1.16.0 to present) contains a server-side request forgery (SSRF) in its CEL-based HTTP functions (Get and Post). The http.go library does not validate or scope URLs, allowing an attacker with namespace-level permissions to craft a malicious namespaced policy that issues arbitrar...
CVE-2026-23990
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...
Common Expression Language Input Validation Error Vulnerability
Common Expression Language is an open-source Common Expression Language interpreter written in Rust by cel-rust. An input validation error vulnerability exists in Common Expression Language versions 0.10.0 through versions prior to 0.11.4, which stems from the fact that parsing a specific incorrect...
PT-2025-41615
Name of the Vulnerable Software and Affected Versions: cel-rust versions 0.10.0 through 0.11.3. Description: cel-rust is a Common Expression Language interpreter written in Rust. Parsing specific, malformed Common Expression Language (CEL) expressions can cause the parser to terminate unexpectedly. If...