Cyber Posture

CVE-2026-22039

Severity: Critical · Public PoC

Published: 27 January 2026
Modified: 02 February 2026
KEV Added: not listed
Patch: 1.15.3 / 1.16.3
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.4th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22039 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Kyverno (vendor: Kyverno). Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Directly mitigates the authorization boundary bypass by requiring timely remediation of the specific flaw in Kyverno versions prior to 1.16.3 and 1.15.3 through vendor patches that enforce namespace limits on apiCall urlPath.
- prevent (AC-6, Least Privilege): Limits the impact of the SSRF exploitation by ensuring the Kyverno admission controller ServiceAccount operates under least-privilege RBAC, restricting it to only the necessary API paths and namespaces.
- prevent (SI-10, Information Input Validation): Prevents SSRF abuse of context variable substitution in urlPath by validating and sanitizing policy inputs to the Kyverno apiCall feature, blocking unauthorized cross-namespace or cluster-scoped requests.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Authorization bypass allows low-privileged Policy creators to abuse Kyverno admission controller ServiceAccount for cross-namespace/cluster-wide API actions, directly enabling privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPath` is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy's namespace. As a result, any authenticated user with permission to create a namespaced Policy can cause Kyverno to perform Kubernetes API requests using Kyverno's admission controller identity, targeting any API path allowed by that ServiceAccount's RBAC. This breaks namespace isolation by enabling cross-namespace reads (for example, ConfigMaps and, where permitted, Secrets) and allows cluster-scoped or cross-namespace writes (for example, creating ClusterPolicies) by controlling the urlPath through context variable substitution. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.

Deeper analysis [AI-generated]

CVE-2026-22039 is a critical authorization boundary bypass vulnerability in the namespaced Kyverno Policy apiCall feature of Kyverno, a policy engine for cloud native platform engineering teams. It affects Kyverno versions prior to 1.16.3 and 1.15.3. The issue arises because the resolved `urlPath` is executed using the Kyverno admission controller ServiceAccount without enforcement limiting requests to the policy's namespace. This allows control of the `urlPath` through context variable substitution, enabling Kyverno to perform Kubernetes API requests targeting any API path permitted by the ServiceAccount's RBAC. The vulnerability is rated 9.9 on the CVSS 3.1 scale (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management) and CWE-918 (Server-Side Request Forgery).

Any authenticated user with permission to create a namespaced Policy can exploit this vulnerability. By crafting a Policy that substitutes variables into the `urlPath`, the attacker causes Kyverno to issue Kubernetes API requests using the elevated privileges of the admission controller ServiceAccount. This breaks namespace isolation, allowing cross-namespace reads such as ConfigMaps and Secrets (where permitted by RBAC), as well as cluster-scoped or cross-namespace writes, for example creating ClusterPolicies.

Kyverno versions 1.16.3 and 1.15.3 address the vulnerability with patches, as detailed in the GitHub security advisory GHSA-8p9x-46gm-qfx2 and specific commits e0ba4de4f1e0ca325066d5095db51aec45b1407b and eba60fa856c781bcb9c3be066061a3df03ae4e3e. Security practitioners should upgrade to these fixed versions to mitigate the risk.
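As an added example (not code from the advisory, this page, or the Kyverno project), the following Python script audits exported Kyverno policies for the pattern the description warns about: a namespaced Policy whose apiCall `urlPath` is built from a substituted variable, points at another namespace, or is not namespace-scoped at all. It also checks a Kyverno version string against the fixed releases named above. The sample policies are constructed; the field layout `spec.rules[].context[].apiCall.urlPath` and the `jmesPath` key follow Kyverno's documented policy schema, and the finding names are this example's own. The audit complements the least-privilege RBAC control rather than replacing it: on unpatched versions even a namespace-scoped `urlPath` is still executed under the admission controller's identity.

```python
import json
import re

# Kubernetes API paths that are scoped to a namespace look like
#   /api/v1/namespaces/<ns>/...                 (core group)
#   /apis/<group>/<version>/namespaces/<ns>/...
# Anything else (e.g. /apis/kyverno.io/v1/clusterpolicies) is cluster-scoped.
NAMESPACED_PATH = re.compile(r"^/(?:api|apis/[^/]+)/[^/]+/namespaces/([^/]+)(?:/|$)")

# Constructed sample input (not from the advisory): the shape of
# `kubectl get policies -A -o json`, reduced to the fields this audit reads.
SAMPLE_POLICIES_JSON = """
[
  {"apiVersion": "kyverno.io/v1", "kind": "Policy",
   "metadata": {"name": "lookup-by-annotation", "namespace": "team-a"},
   "spec": {"rules": [{"name": "fetch", "context": [
     {"name": "data", "apiCall": {
       "urlPath": "/api/v1/namespaces/{{request.object.metadata.annotations.target}}/secrets",
       "jmesPath": "items"}}]}]}},
  {"apiVersion": "kyverno.io/v1", "kind": "Policy",
   "metadata": {"name": "read-kube-system", "namespace": "team-a"},
   "spec": {"rules": [{"name": "fetch", "context": [
     {"name": "cm", "apiCall": {"urlPath": "/api/v1/namespaces/kube-system/configmaps"}}]}]}},
  {"apiVersion": "kyverno.io/v1", "kind": "Policy",
   "metadata": {"name": "list-clusterpolicies", "namespace": "team-a"},
   "spec": {"rules": [{"name": "fetch", "context": [
     {"name": "cps", "apiCall": {"urlPath": "/apis/kyverno.io/v1/clusterpolicies"}}]}]}},
  {"apiVersion": "kyverno.io/v1", "kind": "Policy",
   "metadata": {"name": "own-namespace-only", "namespace": "team-a"},
   "spec": {"rules": [{"name": "fetch", "context": [
     {"name": "cm", "apiCall": {"urlPath": "/api/v1/namespaces/team-a/configmaps"}}]}]}},
  {"apiVersion": "kyverno.io/v1", "kind": "ClusterPolicy",
   "metadata": {"name": "cluster-wide"},
   "spec": {"rules": [{"name": "fetch", "context": [
     {"name": "cm", "apiCall": {"urlPath": "/api/v1/namespaces/kube-system/configmaps"}}]}]}}
]
"""


def audit_policy(policy: dict) -> list[tuple[str, str, str]]:
    """Return (finding, location, urlPath) tuples for one namespaced Policy.

    ClusterPolicy objects are skipped: they are cluster-scoped by design and
    need cluster-level RBAC to create, so they are outside this check.
    """
    findings: list[tuple[str, str, str]] = []
    if policy.get("kind") != "Policy":
        return findings
    meta = policy.get("metadata", {})
    ns, name = meta.get("namespace", ""), meta.get("name", "?")
    for rule in policy.get("spec", {}).get("rules", []):
        for ctx in rule.get("context") or []:
            url = (ctx.get("apiCall") or {}).get("urlPath")
            if not url:
                continue
            where = f"{ns}/{name} rule={rule.get('name')} context={ctx.get('name')}"
            if "{{" in url:
                # Substituted variable: the path is decided by the admission
                # request being evaluated, not by the policy text alone.
                findings.append(("variable-substitution", where, url))
            m = NAMESPACED_PATH.match(url)
            if m is None:
                findings.append(("cluster-scoped-path", where, url))
            elif "{{" not in m.group(1) and m.group(1) != ns:
                findings.append(("cross-namespace-path", where, url))
    return findings


def audit_policies_json(doc: str) -> list[tuple[str, str, str]]:
    """Audit a JSON array of policies or a kubectl List object (.items)."""
    data = json.loads(doc)
    items = data.get("items", []) if isinstance(data, dict) else data
    return [f for p in items for f in audit_policy(p)]


def is_patched_version(version: str) -> bool:
    """True when a Kyverno version carries the fix: 1.15.3+, 1.16.3+, or a later minor."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    if (major, minor) in ((1, 15), (1, 16)):
        return patch >= 3
    return (major, minor) > (1, 16)


if __name__ == "__main__":
    for finding, where, url in audit_policies_json(SAMPLE_POLICIES_JSON):
        print(f"{finding:22} {where}: {url}")
    print("1.16.2 patched?", is_patched_version("1.16.2"))
```

To run it against a live cluster, feed the output of `kubectl get policies -A -o json` to `audit_policies_json`; any `variable-substitution` or `cross-namespace-path` finding on a cluster older than the fixed releases is worth treating as an incident indicator, not just a lint warning, because the request it describes runs with the admission controller's RBAC.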

Details

CWE(s): CWE-269 (Improper Privilege Management), CWE-918 (Server-Side Request Forgery)

Affected Products

Vendor: kyverno
Product: kyverno
Versions: ≤ 1.15.3 · 1.16.0 to 1.16.3

CVEs Like This One

- CVE-2026-41068 (same product: Kyverno Kyverno)
- CVE-2026-4789 (same product: Kyverno Kyverno)
- CVE-2026-41323 (same product: Kyverno Kyverno)
- CVE-2026-41485 (same product: Kyverno Kyverno)
- CVE-2026-23881 (same product: Kyverno Kyverno)
- CVE-2025-29778 (same product: Kyverno Kyverno)
- CVE-2026-40868 (same product: Kyverno Kyverno)
- CVE-2025-64487 (shared CWE-269)
- CVE-2025-67905 (shared CWE-269)
- CVE-2025-26705 (shared CWE-269)
