top of page
perceptive_background_267k.jpg

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyve…

Published:

23 April 2026 at 22:00:00

Alert date:

24 April 2026 at 05:01:43

Source:

nvd.nist.gov

Click to open the original link from this advisory

Cloud & Virtualization, Identity & Access, Security Tools

Kyverno policy engine for Kubernetes contains a vulnerability in its ConfigMap context loader that allows complete RBAC bypass. The configMap.namespace field accepts any namespace without validation, enabling namespace admins to read ConfigMaps from any namespace using Kyverno's privileged service account. This represents a cross-namespace privilege escalation similar to the previously patched CVE-2026-22039. The vulnerability particularly impacts multi-tenant Kubernetes clusters where namespace isolation is critical for security. A fix is available in version 1.17.2 of Kyverno.

Technical details

Mitigation steps:

Affected products:

Kyverno

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41068
https://github.com/kyverno/kyverno/commit/bbf3e5c01391d612968440659028ae98e565a777
https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page