PT-2026-24144 · Unknown · Kubewarden

Thevilledev · Published 2026-03-09 · Updated 2026-05-13 · CVE-2026-29773

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Kubewarden versions prior to 1.33.0

Description: Kubewarden is a policy engine for Kubernetes. An attacker holding the privileged permission to create "AdmissionPolicy" resources could use three deprecated host-callback APIs: kubernetes/ingresses, kubernetes/namespaces, and kubernetes/services. A crafted policy that calls these APIs gains read access to Ingress, Namespace, and Service resources. The access is read-only: there is no write capability and no access to sensitive data such as Secrets or ConfigMaps. An attacker could nonetheless learn the cluster's internal topology from Service information, namespace names and labels, and Ingress hostnames and routing rules.

Recommendations: Update the policy-server image used by PolicyServers to version 1.33.0. Alternatively, temporarily reduce user permissions so that they cannot create or update namespaced AdmissionPolicies or AdmissionPolicyGroups.
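A quick way to check the first recommendation across a cluster is to compare every PolicyServer's image tag against 1.33.0. The script below is an added example, not part of the advisory or of the Kubewarden project; it assumes the `spec.image` field of the PolicyServer CRD and uses a constructed sample in place of real `kubectl get policyservers -o json` output.

```python
import json
import re
import sys

# First policy-server release that is not affected (per the advisory).
FIXED_VERSION = (1, 33, 0)

# Constructed sample standing in for `kubectl get policyservers -o json`.
# The field name spec.image is assumed from the Kubewarden PolicyServer CRD.
SAMPLE_POLICYSERVERS = json.dumps({"items": [
    {"metadata": {"name": "default"},
     "spec": {"image": "ghcr.io/kubewarden/policy-server:v1.32.1"}},
    {"metadata": {"name": "patched"},
     "spec": {"image": "ghcr.io/kubewarden/policy-server:v1.33.0"}},
    {"metadata": {"name": "pinned-by-digest"},
     "spec": {"image": "ghcr.io/kubewarden/policy-server@sha256:" + "0" * 64}},
]})


def parse_version(image: str):
    """Return (major, minor, patch) from a semver image tag, or None when the
    tag is absent, a digest, 'latest' or a pre-release (needs manual review)."""
    last_segment = image.rsplit("/", 1)[-1]          # drop registry/repo path
    match = re.search(r":v?(\d+)\.(\d+)\.(\d+)$", last_segment)
    return tuple(int(x) for x in match.groups()) if match else None


def audit_policyservers(kubectl_json: str) -> dict:
    """Map each PolicyServer name to 'affected', 'fixed' or 'unknown'."""
    report = {}
    for item in json.loads(kubectl_json).get("items", []):
        name = item["metadata"]["name"]
        version = parse_version(item.get("spec", {}).get("image", ""))
        if version is None:
            report[name] = "unknown"        # cannot tell from the tag alone
        elif version < FIXED_VERSION:
            report[name] = "affected"       # older than 1.33.0
        else:
            report[name] = "fixed"
    return report


if __name__ == "__main__":
    # Real use: kubectl get policyservers -o json | python3 audit.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_POLICYSERVERS
    for name, status in sorted(audit_policyservers(data).items()):
        print(f"{name}: {status}")
```

Digest-pinned or `latest` images are reported as unknown rather than fixed, since the tag alone cannot prove they are at or above 1.33.0.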

Tags: Exploit · Fix · LPE · Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-29773
GHSA-6R7F-3FWQ-HQ74
GO-2026-4652
SUSE-SU-2026:1042-1

Affected Products

Kubewarden