PT-2026-34849 · Kyverno · Kyverno
Thevilledev
Published 2026-04-24 · Updated 2026-04-28
CVE-2026-41485
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Kyverno versions prior to 1.17.2
Kyverno versions prior to 1.16.4
Description
An unchecked type assertion in the forEach mutation handler of Kyverno's legacy policy engine allows a user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller. Because the offending policy is still in the cluster after every restart, the controller enters a persistent CrashLoopBackOff (the Kubernetes state in which a container repeatedly crashes and is restarted with increasing back-off). The admission controller is affected as well: it drops connections and blocks all resource operations that match the policy. The crash loop continues until the policy is deleted. Only the legacy engine is affected; CEL-based policies are not.
Recommendations
Update to version 1.17.2
Update to version 1.16.4
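The mechanism described above, as an added illustration in Go (this is not Kyverno's own code; the handler names, the element shape and the sample forEach list are constructed assumptions): a single-value type assertion panics on a type mismatch, so one malformed element supplied by a policy author aborts the whole reconcile loop and takes the process down, whereas the two-value form lets the controller reject that element and keep running.

```go
package main

import (
	"errors"
	"fmt"
)

// policyElements is a constructed sample forEach list as a policy author
// could supply it, decoded from YAML into generic values. The middle entry
// is a scalar where the handler expects an object.
var policyElements = []any{
	map[string]any{"name": "web"},
	"not-a-map",
	map[string]any{"name": "db"},
}

// unsafeHandle models the vulnerable pattern: a single-value type assertion.
// When elem is not a map[string]any the assertion panics instead of failing.
func unsafeHandle(elem any) string {
	m := elem.(map[string]any) // hypothetical handler; panics on mismatch
	return fmt.Sprintf("%v", m["name"])
}

// safeHandle is the hardened form: the two-value assertion turns a type
// mismatch into an error the caller can report and move past.
func safeHandle(elem any) (string, error) {
	m, ok := elem.(map[string]any)
	if !ok {
		return "", fmt.Errorf("forEach element is %T, expected an object", elem)
	}
	name, ok := m["name"].(string)
	if !ok {
		return "", errors.New("forEach element has no string \"name\" field")
	}
	return name, nil
}

// runUnsafe models the vulnerable controller loop. The deferred recover only
// exists so the demo can report the crash; in a real process the panic
// terminates the controller, Kubernetes restarts it, and the still-present
// policy triggers the same panic on the next run (CrashLoopBackOff).
func runUnsafe(elems []any) (processed int, crashed bool) {
	defer func() {
		if r := recover(); r != nil {
			crashed = true
		}
	}()
	for _, e := range elems {
		unsafeHandle(e)
		processed++
	}
	return processed, false
}

// runSafe models the hardened loop: bad elements are collected as errors
// (to be surfaced as a policy status condition or rejected at admission)
// and the remaining elements are still processed.
func runSafe(elems []any) (processed int, rejected []error) {
	for _, e := range elems {
		if _, err := safeHandle(e); err != nil {
			rejected = append(rejected, err)
			continue
		}
		processed++
	}
	return processed, rejected
}

func main() {
	n, crashed := runUnsafe(policyElements)
	fmt.Printf("unsafe: processed %d element(s), crashed=%v\n", n, crashed)
	n, errs := runSafe(policyElements)
	fmt.Printf("safe:   processed %d element(s), rejected %d\n", n, len(errs))
	for _, err := range errs {
		fmt.Println("  ", err)
	}
}
```

The precondition in the vector (PR:L, the ability to create Policy or ClusterPolicy objects) also names the compensating control until the fix is deployed: keep RBAC for those resources limited to the people and automation that actually need it.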
Exploit
Fix
Assertion Failure
Weakness Enumeration
Related Identifiers
Affected Products
Kyverno