top of page
perceptive_background_267k.jpg

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyve…

Published:

23 april 2026 om 22:00:00

Alert date:

24 april 2026 om 05:01:43

Source:

nvd.nist.gov

Click to open the original link from this advisory

Cloud & Virtualization, Identity & Access, Security Tools

Kyverno policy engine for Kubernetes contains a vulnerability in its ConfigMap context loader that allows complete RBAC bypass. The configMap.namespace field accepts any namespace without validation, enabling namespace admins to read ConfigMaps from any namespace using Kyverno's privileged service account. This represents a cross-namespace privilege escalation similar to the previously patched CVE-2026-22039. The vulnerability particularly impacts multi-tenant Kubernetes clusters where namespace isolation is critical for security. A fix is available in version 1.17.2 of Kyverno.

Technical details

Mitigation steps:

Affected products:

Kyverno

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41068
https://github.com/kyverno/kyverno/commit/bbf3e5c01391d612968440659028ae98e565a777
https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page