CVE-2026-40868
Published: 21 April 2026
Summary
CVE-2026-40868 is a high-severity Insecure Storage of Sensitive Information (CWE-922) vulnerability in Kyverno. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528). The CVE is ranked at the 11.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Timely remediation of the specific flaw in Kyverno's apiCall servicecall helper: patch to version 1.16.4 or later, which removes the implicit token injection.
- CM-5 (Access Restrictions for Change): restrict ClusterPolicy creation and modification to authorized roles, so that low-privilege users cannot deploy policies that drive the servicecall helper.
- SC-7 (Boundary Protection): enforce network policies that block Kyverno's outbound connections to untrusted endpoints, so the serviceaccount token cannot reach attacker-controlled URLs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables theft of the Kyverno controller's privileged serviceaccount token: a policy-controlled URL in the apiCall servicecall helper tricks the controller into sending its Authorization: Bearer header to an attacker-controlled endpoint, a confused deputy attack.
NVD Description
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno's apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount token to an attacker-controlled endpoint (confused deputy). Namespaced policies are blocked from servicecall usage by the namespaced urlPath gate in pkg/engine/apicall/apiCall.go, so this report is scoped to ClusterPolicy and global context usage. This vulnerability is fixed in 1.16.4.
Deeper analysis
CVE-2026-40868 is a vulnerability in Kyverno, a policy engine for cloud native platform engineering teams. In versions prior to 1.16.4, the apiCall servicecall helper implicitly injects an Authorization: Bearer header using the Kyverno controller serviceaccount token when a policy does not explicitly set one. Since the context.apiCall.service.url is controlled by the policy, this allows the token to be sent to an attacker-controlled endpoint in a confused deputy scenario. The issue is scoped to ClusterPolicy and global context usage, as namespaced policies are blocked from servicecall by a gate in pkg/engine/apicall/apiCall.go.
An attacker with low privileges (PR:L) in a Kubernetes cluster can exploit this by creating or modifying a ClusterPolicy that invokes the servicecall helper with a malicious URL. This causes Kyverno to authenticate requests to the attacker's endpoint using its highly privileged serviceaccount token, enabling theft of the token for further privilege escalation, such as accessing cluster resources. The vulnerability has a CVSS score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-922 (Insecure Storage of Sensitive Information).
The Kyverno security advisory at GHSA-q93q-v844-jrqp states that the vulnerability is fixed in version 1.16.4. Security practitioners should upgrade to 1.16.4 or later to mitigate the issue.
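The confused-deputy path described above can be checked for before a policy is admitted. The following is an added example (not Kyverno's own code) that walks a parsed ClusterPolicy manifest and flags every apiCall service call that would receive the implicit Bearer token on a build older than 1.16.4; it assumes the manifest has already been YAML-parsed into a dict, that an explicit header is expressed as a service.headers list of key/value entries (a field layout assumed here, not stated on the page), and that hostnames ending in .svc are in-cluster.

```python
from urllib.parse import urlparse

FIXED_VERSION = (1, 16, 4)  # advisory: implicit token injection fixed in 1.16.4
INTERNAL_SUFFIXES = (".svc", ".svc.cluster.local")  # assumed in-cluster hostnames

def parse_version(v: str) -> tuple:
    """'v1.16.3-rc1' -> (1, 16, 3); pre-release and build suffixes are dropped."""
    return tuple(int(p) for p in v.lstrip("v").split("-")[0].split("+")[0].split("."))

def is_internal(host: str) -> bool:
    return host in ("kubernetes", "kubernetes.default") or host.endswith(INTERNAL_SUFFIXES)

def audit_cluster_policy(policy: dict, kyverno_version: str) -> list:
    """One finding per apiCall.service whose request would carry the controller token."""
    if policy.get("kind") != "ClusterPolicy" or parse_version(kyverno_version) >= FIXED_VERSION:
        return []  # namespaced Policy is gated from servicecall; fixed builds do not inject
    findings = []
    for rule in policy.get("spec", {}).get("rules", []):
        for ctx in rule.get("context") or []:
            service = (ctx.get("apiCall") or {}).get("service") or {}
            if "url" not in service:
                continue
            # Assumed layout: service.headers is a list of {key, value}; an explicit
            # Authorization header suppresses the implicit Bearer injection.
            explicit = any(h.get("key", "").lower() == "authorization"
                           for h in service.get("headers") or [])
            if explicit:
                continue
            host = urlparse(service["url"]).hostname or ""
            findings.append({"rule": rule.get("name"), "context": ctx.get("name"),
                             "host": host,
                             "severity": "medium" if is_internal(host) else "high"})
    return findings

# Constructed sample manifest (already YAML-parsed); not taken from the advisory.
SAMPLE_POLICY = {
    "apiVersion": "kyverno.io/v1", "kind": "ClusterPolicy",
    "metadata": {"name": "lookup-example"},
    "spec": {"rules": [{"name": "lookup", "context": [
        {"name": "internal", "apiCall": {"service": {"url": "https://checker.tools.svc/v1"}}},
        {"name": "external", "apiCall": {"service": {"url": "https://hooks.example.invalid/c"}}},
        {"name": "explicit", "apiCall": {"service": {"url": "https://hooks.example.invalid/c",
            "headers": [{"key": "Authorization", "value": "Bearer <scoped-token>"}]}}},
    ]}]},
}

if __name__ == "__main__":
    for finding in audit_cluster_policy(SAMPLE_POLICY, "v1.16.3"):
        print(finding)
```

Run it against each ClusterPolicy exported from the cluster together with the running Kyverno version; any "high" finding is a policy that would hand the controller token to an address outside the cluster.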
Details
- CWE(s): CWE-922 (Insecure Storage of Sensitive Information)