PT-2026-4956 · Kyverno · Kyverno

Thevilledev

·

Published

2026-01-27

·

Updated

2026-04-16

·

CVE-2026-23881

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Kyverno 1.16.x versions prior to 1.16.3
Kyverno versions prior to 1.15.3
Description

Kyverno is a policy engine for cloud native platform engineering teams. Affected versions allow unbounded memory consumption within the policy engine. A user with policy creation privileges (the right to create ClusterPolicy or Policy objects) can trigger a denial of service by creating a policy whose context variables exponentially amplify string data, each variable concatenating copies of the previous one. The pattern is analogous to a 'Billion Laughs' attack: the engine exhausts available memory while expanding the variables and crashes.
Recommendations

Update to Kyverno 1.16.3 or later on the 1.16.x branch, or to Kyverno 1.15.3 or later on the 1.15.x branch. Until the upgrade is applied, limit the set of subjects allowed to create or update Kyverno policies, since the attack requires policy creation privileges.
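The expansion the description refers to can be estimated before a policy is admitted, in the same way XML parsers bound entity expansion. The following is an added example written for this page, not code from the advisory or from Kyverno: it walks a rule's context entries in order, treats each `{{ name }}` reference to an earlier `variable.value` entry as contributing that entry's estimated size, and flags any entry whose estimate exceeds a limit. The policy it checks is constructed here to match the shape described above (each variable doubling the previous one); the `limit` value, the helper names and the simplifying assumption that only literal `variable.value` strings are modelled (apiCall, configMap and JMESPath-sourced entries count as size 0) are choices made for this example and are not Kyverno's own fix.

```python
import re

# Kyverno references a context variable as {{ name }} (whitespace optional).
# Assumption for this example: only bare names are resolved; anything else
# inside {{ }} (JMESPath such as request.object.metadata.name) is ignored.
VAR_REF = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


def estimate_context_sizes(context_entries):
    """Return {variable name: estimated expanded length in bytes}.

    Entries are processed in declaration order, matching Kyverno's rule that a
    context entry may reference entries declared before it. Each reference to
    an earlier entry adds that entry's estimate; literal text adds its length.
    """
    sizes = {}
    for entry in context_entries:
        name = entry["name"]
        value = (entry.get("variable") or {}).get("value")
        if not isinstance(value, str):
            # apiCall / configMap / imageRegistry / jmesPath-only: size unknown,
            # modelled as 0 so the estimate stays a lower bound.
            sizes[name] = 0
            continue
        literal_len = len(VAR_REF.sub("", value))
        ref_len = sum(sizes.get(ref, 0) for ref in VAR_REF.findall(value))
        sizes[name] = literal_len + ref_len
    return sizes


def amplifying_entries(policy, limit=16 * 1024 * 1024):
    """Return [(rule name, variable name, estimated size)] for every context
    variable whose estimated expansion exceeds `limit` (16 MiB by default; a
    value chosen for this example)."""
    findings = []
    for rule in policy["spec"].get("rules", []):
        sizes = estimate_context_sizes(rule.get("context", []))
        for name, size in sizes.items():
            if size > limit:
                findings.append((rule["name"], name, size))
    return findings


def build_doubling_policy(doublings, seed_len=1024):
    """Construct a ClusterPolicy (as a dict, the shape kubectl would submit
    from YAML) in which v1..vN each concatenate two copies of the previous
    variable. Constructed for this example only."""
    context = [{"name": "v0", "variable": {"value": "A" * seed_len}}]
    for i in range(1, doublings + 1):
        prev = f"v{i - 1}"
        ref = f"{{{{ {prev} }}}}"            # renders as "{{ vN }}"
        context.append({"name": f"v{i}", "variable": {"value": ref + ref}})
    return {
        "apiVersion": "kyverno.io/v1",
        "kind": "ClusterPolicy",
        "metadata": {"name": "context-amplification"},
        "spec": {"rules": [{
            "name": "amplify",
            "match": {"any": [{"resources": {"kinds": ["Pod"]}}]},
            "context": context,
            "validate": {"message": f"{{{{ v{doublings} }}}}", "deny": {}},
        }]},
    }


def build_benign_policy():
    """A typical policy whose context pulls a request field: no amplification."""
    return {
        "apiVersion": "kyverno.io/v1",
        "kind": "ClusterPolicy",
        "metadata": {"name": "require-team-label"},
        "spec": {"rules": [{
            "name": "check-label",
            "match": {"any": [{"resources": {"kinds": ["Pod"]}}]},
            "context": [
                {"name": "ns", "variable": {"jmesPath": "request.namespace"}},
                {"name": "msg", "variable": {"value": "missing team label in {{ ns }}"}},
            ],
            "validate": {"message": "{{ msg }}", "pattern": {"metadata": {"labels": {"team": "?*"}}}},
        }]},
    }


if __name__ == "__main__":
    # 20 doublings of a 1 KiB seed: v20 is estimated at 1 GiB of string data.
    for rule, var, size in amplifying_entries(build_doubling_policy(20)):
        print(f"rule {rule}: variable {var} expands to ~{size / 2**20:.0f} MiB")
    print("benign findings:", amplifying_entries(build_benign_policy()))
```

The estimate is a lower bound, not a measurement of what the engine actually allocates, and it only covers the `variable.value` form of self-reference; it is meant as a pre-admission lint or an admission-chain check while the upgrade is rolled out, not as a substitute for it.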

Exploit

Fix

Weakness Enumeration

DoS

Allocation of Resources Without Limits (CWE-770)

Related Identifiers

BIT-KYVERNO-2026-23881
CLEANSTART-2026-GK29346
CLEANSTART-2026-WB12909
CVE-2026-23881
GHSA-R2RJ-WWM5-X6MQ
GO-2026-4382
SUSE-SU-2026:0403-1

Affected Products

Kyverno