PT-2026-34846 · Kyverno · Kyverno

Koreasecurity · Published 2026-04-16 · Updated 2026-04-29 · CVE-2026-41323

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Kyverno versions prior to 1.18.0
Kyverno versions prior to 1.17.2
Kyverno versions prior to 1.16.4
Description
The apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. Because the service URL is not validated, those requests can be directed to an attacker-controlled server, which then receives the token. Since the admission controller's ServiceAccount has permission to patch webhook configurations, theft of this token can result in full cluster compromise.
Recommendations
Update to version 1.18.0 or newer.
Update to version 1.17.2 or newer.
Update to version 1.16.4 or newer.
Rotate ServiceAccount tokens.
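A defender-side check for the condition described above, added here as an illustration and not code from the advisory or the Kyverno project: it walks a ClusterPolicy (already loaded from YAML or JSON into a dict) and flags every apiCall context whose service.url does not point at an in-cluster service name, which is the pattern that would carry the admission controller's token off-cluster. The field path spec.rules[].context[].apiCall.service.url is Kyverno's; the in-cluster suffix list (default cluster.local domain) and the sample policy are assumptions constructed for the example.

```python
"""Flag Kyverno ClusterPolicy apiCall contexts whose service URL leaves the cluster."""
from urllib.parse import urlparse

# Assumption: the cluster uses the default "cluster.local" domain. Any host that
# is neither the API server nor a *.svc name is treated as external, i.e. a
# destination that would receive the admission controller's SA token.
IN_CLUSTER_SUFFIXES = (".svc", ".svc.cluster.local")
IN_CLUSTER_HOSTS = {"kubernetes.default", "kubernetes.default.svc"}

def is_in_cluster(url: str) -> bool:
    """True only for http(s) URLs whose host looks like an in-cluster service."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return False
    return host in IN_CLUSTER_HOSTS or host.endswith(IN_CLUSTER_SUFFIXES)

def find_external_api_calls(policy: dict) -> list:
    """Return (rule name, url) for every apiCall.service.url that is not in-cluster."""
    findings = []
    for rule in policy.get("spec", {}).get("rules", []):
        for ctx in rule.get("context") or []:
            # apiCall.urlPath is a path on the API server, not a destination of
            # its own, so only the optional service.url is inspected.
            service = (ctx.get("apiCall") or {}).get("service") or {}
            url = service.get("url")
            if url and not is_in_cluster(url):
                findings.append((rule.get("name", "<unnamed>"), url))
    return findings

# Constructed sample (not taken from the advisory): one in-cluster lookup, one
# API-server path, and one context that would send the token off-cluster.
SAMPLE_POLICY = {
    "kind": "ClusterPolicy",
    "metadata": {"name": "sample"},
    "spec": {"rules": [
        {"name": "in-cluster-lookup", "context": [{"name": "svc", "apiCall": {
            "service": {"url": "https://registry-check.tools.svc:8443/v1/images"}}}]},
        {"name": "api-server-path", "context": [{"name": "ns", "apiCall": {
            "urlPath": "/api/v1/namespaces"}}]},
        {"name": "off-cluster-call", "context": [{"name": "ext", "apiCall": {
            "service": {"url": "https://collector.example.com/hook"}}}]},
    ]},
}

if __name__ == "__main__":
    for rule_name, url in find_external_api_calls(SAMPLE_POLICY):
        print(f"rule {rule_name!r}: apiCall to external URL {url}")
```

Running this over the output of `kubectl get clusterpolicies -o json` (one dict per item) gives a quick inventory of policies to review before and after upgrading and rotating tokens.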

Tags: SSRF, Information Disclosure


Weakness Enumeration

Related Identifiers
BIT-KYVERNO-2026-41323
CVE-2026-41323
GHSA-F9G8-6PPC-PQQ4

Affected Products

Kyverno