PT-2026-33227 · Kyverno · Kyverno

1Seal · Published 2026-04-14 · Updated 2026-04-23 · CVE-2026-40868

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.16.4

Description: The apiCall servicecall helper implicitly injects an "Authorization: Bearer ..." header using the Kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Since the variable context.apiCall.service.url is policy-controlled, this can lead to a confused deputy scenario in which the serviceaccount token is sent to an attacker-controlled endpoint. The issue is scoped to ClusterPolicy and global context usage, because namespaced policies are blocked from servicecall usage by the urlPath gate in pkg/engine/apicall/apiCall.go. An attacker able to create or update a ClusterPolicy, or to create a GlobalContextEntry, can choose the request URL and headers and so exfiltrate the token.

Recommendations: Update to version 1.16.4. Set an explicit Authorization header in servicecall policies to prevent implicit token injection. Avoid using servicecall against arbitrary URLs in policies.
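As an added audit check (not code from the advisory or from the Kyverno project), the following Python walks a ClusterPolicy or GlobalContextEntry object and reports each apiCall.service block that sets no explicit Authorization header, i.e. the calls for which the controller serviceaccount token would be injected implicitly. The context[].apiCall.service.{url,headers[].key} field layout is assumed from Kyverno's policy schema, and the sample policy is constructed.

```python
import json
from typing import Any, Iterator

# Constructed sample: a ClusterPolicy with three context entries. Only the first
# relies on the implicit serviceaccount-token header (no explicit Authorization).
SAMPLE_POLICY = json.loads("""
{
  "kind": "ClusterPolicy",
  "metadata": {"name": "demo"},
  "spec": {"rules": [{"name": "r1", "context": [
    {"name": "a", "apiCall": {"service": {"url": "https://svc.example/check"}}},
    {"name": "b", "apiCall": {"service": {"url": "https://svc.example/check",
       "headers": [{"key": "Authorization", "value": "Bearer <app-token>"}]}}},
    {"name": "c", "apiCall": {"urlPath": "/api/v1/namespaces"}}
  ]}]}
}
""")

def _dicts(node: Any, path: str = "") -> Iterator[tuple[str, dict]]:
    """Yield (json-style path, mapping) for every mapping nested anywhere in node."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _dicts(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _dicts(value, f"{path}[{i}]")

def implicit_token_calls(obj: dict) -> list[dict]:
    """Report apiCall.service blocks that set no explicit Authorization header.

    Matches the exact header name the advisory cites; a differently cased key is
    still reported, so the check errs toward more findings, not fewer."""
    findings = []
    for path, node in _dicts(obj):
        api_call = node.get("apiCall")
        if not isinstance(api_call, dict):
            continue
        service = api_call.get("service")
        if not isinstance(service, dict):
            continue  # urlPath calls go to the API server, not a policy-chosen URL
        headers = service.get("headers") or []
        explicit = any(isinstance(h, dict) and h.get("key") == "Authorization"
                       for h in headers)
        if not explicit:
            findings.append({"kind": obj.get("kind"), "path": f"{path}.apiCall.service",
                             "url": service.get("url")})
    return findings

if __name__ == "__main__":
    for f in implicit_token_calls(SAMPLE_POLICY):
        print(f"{f['kind']} {f['path']}: implicit token would be sent to {f['url']}")
```

Run it over the output of `kubectl get clusterpolicy,globalcontextentry -o json` (each item separately) to list the policies that need an explicit Authorization header before or alongside the upgrade to 1.16.4.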

Weakness Enumeration

Insecure Storage of Sensitive Information

Related Identifiers

BIT-KYVERNO-2026-40868
CVE-2026-40868
GHSA-Q93Q-V844-JRQP

Affected Products

Kyverno