Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyve…

Kyverno policy engine contains a critical vulnerability in its ConfigMap context loader that allows namespace administrators to read ConfigMaps from any namespace. This vulnerability bypasses RBAC controls in multi-tenant Kubernetes clusters by exploiting the lack of validation in the configMap.namespace field. The issue is similar to a previously patched vulnerability CVE-2026-22039 but affects a different component. Attackers can leverage Kyverno's privileged service account to access unauthorized ConfigMaps across namespaces. A fix is available in version 1.17.2.