CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

OSV•added 2026/04/28 10:46 a.m.•6 views

BIT-KYVERNO-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

7.7CVSS5.3AI score0.00369EPSS

Exploits1References4

Github Security Blog•added 2026/04/24 8:40 p.m.•5 views

Kyverno Controller Denial of Service via forEach Mutation Panic

Summary An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...

7.7CVSS5.5AI score0.00369EPSS

Exploits1References5Affected Software1

NVD•added 2026/04/24 4:16 a.m.•4 views

CVE-2026-41485

7.7CVSS0.00369EPSS

Exploits1References3

Vulnrichment•added 2026/04/24 3:27 a.m.•6 views

CVE-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic

7.7CVSS5.2AI score0.00369EPSS

Exploits1References3

CVE•added 2026/04/24 3:27 a.m.•9 views

CVE-2026-41485

Kyverno statement: Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler can be triggered by a user with policy creation rights, causing the cluster-wide background controller to crash into a persistent CrashLoopBackOff and the admission controller to dr...

7.7CVSS5.7AI score0.00369EPSS

Exploits1References3Affected Software1