77 matches found
CLEANSTART-2026-KV53168 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
Security vulnerability affects the kyverno-policy-reporter-kyverno-plugin package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
CVE-2026-41323
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...
CVE-2026-41485
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
CVE-2026-40898 vulnerabilities
Vulnerabilities for packages: kubo-fips, jitsucom-bulker, kubedock, spegel-fips, prometheus-blackbox-exporter, traefik, dkron, k8sgateway, kyverno-policy-reporter-plugins-trivy, kyverno-policy-reporter-fips, teleport, kubernetes-dns-node-cache-fips, eks-distro, kyverno-policy-reporter, q, spegel,...
GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities
Vulnerabilities for packages: kubo-fips, jitsucom-bulker, kubedock, spegel-fips, prometheus-blackbox-exporter, traefik, dkron, k8sgateway, kyverno-policy-reporter-plugins-trivy, kyverno-policy-reporter-fips, teleport, kubernetes-dns-node-cache-fips, eks-distro, kyverno-policy-reporter, q, spegel,...
CLEANSTART-2026-GB46352 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-34986, CVE-2026-39883, ghsa-2464-8j7c-4cjm, ghsa-78h2-9frx-2jm8, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-p77j-4mvh-x3m3, ghsa-xmrv-pmrh-hhx2 applied in versions: 3.3.2-r0, 3.5.0-r0, 3.7.2-r0, 3.7.3-r0, 3.7.3-r1, 3.7.3-r2, 3.7.4-r0
Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-GXHX-2686-5H9G vulnerabilities
Vulnerabilities for packages: kubernetes-event-exporter, argo-events, bento, kubewatch, goreleaser, argo-rollouts, argo-cd, kyverno-policy-reporter, atlantis...
CVE-2026-44245
CVE-2026-44245 affects Kyverno’s policy-reporter-ui where the PropertyCard.vue component uses Vue.js v-html to render non-URL strings, bypassing escaping and allowing stored HTML payloads from Kubernetes PolicyReport.results[].properties to flow into the DOM. The isURL() guard only filters http/h...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: ko, cosign, kyverno, buildkitd, kyverno-fips, teleport, tekton-chains, trivy-fips, tflint, docker, docker-cli-buildx-fips, trivy-operator, livekit-cli, tkn-fips, cloudbeat-fips, falcoctl-fips, cosign-fips, chainloop-cli, zot, ratify-fips, docker-fips, goreleaser,...
CVE-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
CVE-2026-41323
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...
CVE-2026-40868
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header...
CLEANSTART-2026-WB12909 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...
CLEANSTART-2026-UQ68343 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...
CLEANSTART-2026-CR55131 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...
PT-2026-34846
Name of the Vulnerable Software and Affected Versions Kyverno versions prior to 1.18.0 Kyverno versions prior to 1.17.2 Kyverno versions prior to 1.16.4 Description The apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP request...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: cilium-certgen-fips, nova-fips, oras, flux-helm-controller, dkron, k8s-metacollector, nemo, atlas-fips, tailscale, commercial-chainloop-backend, aws-privateca-issuer, aws-privateca-issuer-fips, flux-operator, karma-fips, grafana-operator-fips, polaris, smokescreen,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: cilium-certgen-fips, nova-fips, oras, flux-helm-controller, dkron, k8s-metacollector, nemo, atlas-fips, tailscale, commercial-chainloop-backend, aws-privateca-issuer, aws-privateca-issuer-fips, flux-operator, karma-fips, grafana-operator-fips, polaris, smokescreen,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: cloud-provider-aws-fips, azure-container-networking, dex-k8s-authenticator, kubeflow-fips, mc-fips, argo-events, terraform-provider-databricks, rabbitmq-default-user-credential-updater-fips, fleet-server, hubble-ui, dkron, k8s-metacollector,...
CLEANSTART-2026-MU81308 gRPC-Go is the Go language implementation of gRPC
Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...