Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEac…

A vulnerability in Kyverno policy engine versions prior to 1.17.2 and 1.16.4 allows users with policy creation permissions to crash the cluster-wide background controller through an unchecked type assertion in the forEach mutation handler. The bug causes persistent CrashLoopBackOff states and blocks resource operations by dropping admission controller connections. The vulnerability affects only the legacy engine, while CEL-based policies remain unaffected. The crash loop continues until the malicious policy is deleted, making it a significant availability threat for Kubernetes clusters using Kyverno.