top of page
perceptive_background_267k.jpg

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEac…

Published:

23 April 2026 at 22:00:00

Alert date:

24 April 2026 at 05:01:43

Source:

nvd.nist.gov

Click to open the original link from this advisory

Cloud & Virtualization, Security Tools

A critical vulnerability in Kyverno, a cloud-native policy engine, allows users with Policy or ClusterPolicy creation permissions to crash cluster controllers through an unchecked type assertion in the forEach mutation handler. The vulnerability affects versions prior to 1.17.2 and 1.16.4, causing persistent CrashLoopBackOff states and blocking resource operations. The issue is confined to the legacy engine, with CEL-based policies remaining unaffected. Fixed versions are available.

Technical details

Mitigation steps:

Affected products:

Kyverno

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41485
https://github.com/kyverno/kyverno/commit/76c8fdbe87328722e099e1fd44c3f21c9f7809cb
https://github.com/kyverno/kyverno/commit/80e728c2283a0c65e5adb02d8a907106e6ebe7e3
https://github.com/kyverno/kyverno/security/advisories/GHSA-fpjq-c37h-cqcv

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page