
Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation

  • Jan 30
  • 2 min read

Key Findings


  • Kyverno, a popular Kubernetes-native policy engine, has released an urgent security update to address a critical vulnerability (CVE-2026-22039) with a maximum CVSS score of 10.

  • The flaw lets any authenticated user who can create a namespaced Policy make Kubernetes API requests with the credentials of Kyverno's admission controller ServiceAccount, which in practice means cluster-admin level access and breaks the namespace isolation a namespaced Policy is supposed to respect.

  • The update also fixes a high-severity Denial of Service (DoS) vulnerability (CVE-2026-23881) with a CVSS score of 7.7.


Background


Kyverno is a Kubernetes-native policy engine that enables cluster administrators to manage and enforce policies across their entire Kubernetes environment. It is designed to provide a flexible and scalable way to apply security and compliance policies to Kubernetes resources.


Critical Privilege Escalation Vulnerability (CVE-2026-22039)


  • The critical vulnerability, CVE-2026-22039, stems from missing scope enforcement on the `apiCall` context entries of namespaced policies.

  • Normally, a Policy created in a specific namespace (e.g., "dev-team-a") should stay within that sandbox and only reach resources in that namespace. Researchers discovered that the `apiCall` feature did not enforce this boundary.

  • An `apiCall` entry sends a request to the Kubernetes API at its resolved `urlPath`, and Kyverno issues that request using the admission controller's own ServiceAccount, which typically holds broad, cluster-wide permissions.

  • Because `urlPath` supports variable substitution, an attacker can craft a policy whose `urlPath` resolves to a path of their choosing, turning Kyverno into a confused deputy that performs the request with its own credentials.

  • As a result, any authenticated user with permission to create a namespaced Policy can cause Kyverno to perform Kubernetes API requests against any API path that the ServiceAccount's RBAC allows, and the response flows back into the policy context where the attacker can use it.

  • The consequences are severe: privilege escalation, data exfiltration (reading resources in other namespaces that the ServiceAccount can access), and cluster disruption.


Denial of Service Vulnerability (CVE-2026-23881)


  • Alongside the privilege escalation, the team also patched CVE-2026-23881, a Denial of Service vulnerability with a CVSS score of 7.7.

  • The flaw is unbounded memory consumption in the policy engine's variable substitution: a policy can declare context variables that each reference earlier variables several times, so the string data grows exponentially with the number of entries, and a few dozen entries are enough to exhaust memory and crash the Kyverno engine.

  • If the Kyverno webhooks are configured with `failurePolicy: Ignore`, the API server admits requests without Kyverno's validation while the engine is down, so workloads bypass all policy checks during the outage and leave the door open for further attacks or misconfigurations. With `failurePolicy: Fail`, the same outage instead blocks every admission request Kyverno covers, so neither setting is a substitute for patching.
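To make the amplification concrete, here is an added Go example (not Kyverno's own code) that models the sequential substitution of a policy's context entries. It shows how a chain in which each entry references the previous one twice doubles in size at every step, and it adds a byte budget that refuses the chain before allocating anything over the limit. The budget is one mitigation pattern chosen for the illustration, not a description of what the maintainers actually shipped; the `{{ name }}` syntax, the `entry` type and the `amplifyingChain` helper are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// entry is one item of a policy's context list, in declaration order.
// (Illustrative type for this example, not Kyverno's.)
type entry struct {
	Name  string
	Value string
}

// varRef matches a {{ name }} reference. Kyverno resolves JMESPath
// expressions; bare names are enough to show the amplification.
var varRef = regexp.MustCompile(`\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}`)

// ErrBudgetExceeded is returned before any over-budget value is built.
var ErrBudgetExceeded = errors.New("context substitution exceeds byte budget")

// expandedSize returns how large template becomes after substitution,
// computed from lengths alone so nothing large is allocated first.
func expandedSize(template string, resolved map[string]string) (int, error) {
	size := len(template)
	for _, m := range varRef.FindAllStringSubmatchIndex(template, -1) {
		name := template[m[2]:m[3]]
		v, ok := resolved[name]
		if !ok {
			return 0, fmt.Errorf("unknown variable %q", name)
		}
		size += len(v) - (m[1] - m[0]) // reference text is replaced by the value
	}
	return size, nil
}

// resolveContext substitutes entries one after another, so each may refer
// to earlier ones. maxBytes caps the total bytes held across all entries;
// 0 disables the cap and reproduces the unbounded growth behind
// CVE-2026-23881.
func resolveContext(entries []entry, maxBytes int) (map[string]string, error) {
	resolved := make(map[string]string, len(entries))
	total := 0
	for _, e := range entries {
		size, err := expandedSize(e.Value, resolved)
		if err != nil {
			return nil, err
		}
		if maxBytes > 0 && total+size > maxBytes {
			return nil, fmt.Errorf("%w: entry %q would bring the total to %d bytes (limit %d)",
				ErrBudgetExceeded, e.Name, total+size, maxBytes)
		}
		value := varRef.ReplaceAllStringFunc(e.Value, func(ref string) string {
			return resolved[varRef.FindStringSubmatch(ref)[1]]
		})
		resolved[e.Name] = value
		total += size
	}
	return resolved, nil
}

// amplifyingChain builds the policy shape the DoS abuses: a seed of
// seedBytes followed by n entries that each reference the previous one
// twice, doubling the data at every step (2^n * seedBytes at the end).
func amplifyingChain(seedBytes, n int) []entry {
	chain := []entry{{Name: "amp0", Value: strings.Repeat("x", seedBytes)}}
	for i := 1; i <= n; i++ {
		prev := fmt.Sprintf("amp%d", i-1)
		chain = append(chain, entry{
			Name:  fmt.Sprintf("amp%d", i),
			Value: fmt.Sprintf("{{ %s }}{{ %s }}", prev, prev),
		})
	}
	return chain
}

func main() {
	// Legitimate use: build an apiCall path from an earlier variable.
	ok, err := resolveContext([]entry{
		{Name: "ns", Value: "dev-team-a"},
		{Name: "path", Value: "/api/v1/namespaces/{{ ns }}/configmaps"},
	}, 1<<20)
	fmt.Println(ok["path"], err)

	// Ten doublings of 1 KiB fit a 16 MiB budget; thirty would end at 1 TiB
	// and are refused at the first entry that would exceed the budget.
	_, err = resolveContext(amplifyingChain(1024, 10), 16<<20)
	fmt.Println("10 doublings:", err)
	_, err = resolveContext(amplifyingChain(1024, 30), 16<<20)
	fmt.Println("30 doublings:", err)
}
```

The point of computing the size before substituting is that the guard must run before the allocation, not after; a check on the finished string is already too late when a single entry can be gigabytes.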


Mitigation and Recommendations


  • Both vulnerabilities affect the Kyverno 1.16 line up to and including 1.16.2 and the 1.15 line up to and including 1.15.2 (older releases are affected as well).

  • The maintainers have released patched versions v1.16.3 and v1.15.3, which introduce strict validation logic to address the critical flaw and also fix the DoS.

  • For the privilege escalation vulnerability, the new logic ensures that an `apiCall` in a namespaced Policy can only target namespaced resources within the policy's own namespace, rejecting any resolved `urlPath` that would cross that boundary.

  • Upgrade to the patched versions as soon as possible. Until the upgrade lands, audit which subjects hold `create` on the namespaced `policies.kyverno.io` resource, since that single permission is the only precondition for the critical flaw, and revoke it where it is not needed.
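As an added illustration of the scoping rule described above (example code, not Kyverno's own implementation), the Go function below canonicalises a resolved `urlPath` and accepts it only when it points at a namespaced resource inside the policy's namespace, rejecting other namespaces, cross-namespace lists such as `/api/v1/secrets`, and cluster-scoped paths. The function names and the sample paths are assumptions made for the example, and the `..` canonicalisation is a defensive extra rather than a documented part of the Kyverno patch.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// ErrCrossNamespace is returned for any resolved urlPath that would leave
// the policy's namespace or touch a cluster-scoped resource.
var ErrCrossNamespace = errors.New("apiCall urlPath must target a namespaced resource in the policy's own namespace")

// pathNamespace returns the namespace named in a Kubernetes API path.
// It understands the core group (/api/v1/namespaces/<ns>/<resource>...)
// and named groups (/apis/<group>/<version>/namespaces/<ns>/<resource>...).
// The bool is false for cluster-scoped paths, for cross-namespace lists
// such as /api/v1/secrets, and for the Namespace object itself.
func pathNamespace(rawPath string) (string, bool, error) {
	u, err := url.Parse(rawPath)
	if err != nil {
		return "", false, err
	}
	// An apiCall urlPath is relative to the API server; an absolute URL is a
	// different request entirely and is refused outright.
	if u.Scheme != "" || u.Host != "" {
		return "", false, fmt.Errorf("absolute URL not allowed in urlPath: %q", rawPath)
	}
	// Canonicalise before inspecting: without this, a path such as
	// /api/v1/namespaces/dev-team-a/../kube-system/secrets would look as if
	// it stayed in dev-team-a. (Defensive extra for this example.)
	clean := path.Clean("/" + u.Path)
	segs := strings.Split(strings.TrimPrefix(clean, "/"), "/")

	var idx int // index of the "namespaces" segment for this API group style
	switch {
	case len(segs) >= 2 && segs[0] == "api":
		idx = 2
	case len(segs) >= 3 && segs[0] == "apis":
		idx = 3
	default:
		return "", false, fmt.Errorf("not a Kubernetes API path: %q", rawPath)
	}
	// Need "namespaces", the namespace name and at least one resource segment.
	if len(segs) < idx+3 || segs[idx] != "namespaces" {
		return "", false, nil
	}
	return segs[idx+1], true, nil
}

// checkNamespacedAPICall applies the scope rule to the resolved urlPath,
// i.e. after variable substitution, which is where attacker-controlled data
// ends up: a Policy in policyNS may only drive apiCall requests at
// namespaced resources inside policyNS.
func checkNamespacedAPICall(policyNS, resolvedURLPath string) error {
	ns, namespaced, err := pathNamespace(resolvedURLPath)
	if err != nil {
		return err
	}
	if !namespaced || ns != policyNS {
		return fmt.Errorf("%w: %s", ErrCrossNamespace, resolvedURLPath)
	}
	return nil
}

func main() {
	// Constructed sample paths as they might come out of variable substitution.
	for _, p := range []string{
		"/api/v1/namespaces/dev-team-a/configmaps",
		"/apis/apps/v1/namespaces/dev-team-a/deployments?labelSelector=app%3Dweb",
		"/api/v1/namespaces/kube-system/secrets",
		"/api/v1/secrets",
		"/apis/rbac.authorization.k8s.io/v1/clusterrolebindings",
		"/api/v1/namespaces/dev-team-a/../kube-system/secrets",
	} {
		if err := checkNamespacedAPICall("dev-team-a", p); err != nil {
			fmt.Println("REJECT", err)
		} else {
			fmt.Println("ALLOW ", p)
		}
	}
}
```

The check deliberately runs on the path after substitution rather than on the template in the policy: a template that looks harmless can still resolve to an arbitrary path once request data is substituted in, which is exactly the failure mode of the unpatched versions.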


Sources


  • https://securityonline.info/cluster-admin-for-all-critical-kyverno-flaw-cvss-10-shatters-isolation/

  • https://x.com/the_yellow_fall/status/2017054836072620347

© 2025 by Explain IT Again.