Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
Summary CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the configMap.namespace field accepts any namespace with zero validation, allowing a namespace...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the context variable evaluation process. An attacker with policy creation privileges can exhaust system memory and disrupt service availability with policies that exponentially...
GHSA-FPHV-W9FQ-2525 vulnerabilities
Vulnerabilities for packages: flux-source-controller, vexctl, tflint, kubescape, sigstore-scaffolding, spire-server, trivy-operator, zarf, kyverno-notation-aws, cosign, gh, skaffold, witness, falcoctl, rekor, buildkitd, teleport, ratify, docker, neuvector-sigstore-interface, ko, aactl, crossplane...
CVE-2026-23992 vulnerabilities
Vulnerabilities for packages: flux-source-controller, vexctl, tflint, kubescape, sigstore-scaffolding, spire-server, trivy-operator, zarf, kyverno-notation-aws, cosign, gh, skaffold, witness, falcoctl, rekor, buildkitd, teleport, ratify, docker, neuvector-sigstore-interface, ko, aactl, crossplane...
EUVD-2025-10993
Malicious code in bioql PyPI...
EUVD-2025-12613
Malicious code in bioql PyPI...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of JMESPath variable substitutions, specifically the lack of validation for invalid JMESPath functions within policy expressions. It allows nil values to be injected into places where...
CVE-2025-47281
Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service DoS vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft...
CVE-2025-47281
CVE-2025-47281 affects Kyverno up to version 1.14.1, where DoS can be triggered by crafted JMESPath expressions using {{@}} with an invalid function, causing a nil substitution and a panic in getValueAsStringMap that crashes Kyverno worker threads and reports controller pod. The issue is fixed in...
CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service
Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service DoS vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft...
PT-2025-30438 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions 1.14.1 and below Description: Kyverno is susceptible to a Denial of Service DoS vulnerability stemming from improper handling of JMESPath variable substitutions. Attackers possessing permissions to create or update Kyverno...
CVE-2023-34091
Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...
CVE-2023-33191
Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4...
CVE-2022-47633
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This has been fixed in 1.8.5 and mitigations a...
Privilege Escalation
github.com/kyverno/kyverno is vulnerable to Privilege Escalation. The vulnerability is due to missing error propagation in the GetNamespaceSelectorsFromNamespaceLister function, which causes policy rules with namespace selectors to be skipped during admission review processing and allows an attacker...
GO-2025-3652 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements in github.com/kyverno/kyverno
Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements in github.com/kyverno/kyverno...
CVE-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...