CVE-2026-41323
Published: 24 April 2026
Summary
CVE-2026-41323 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Kyverno. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 7.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- Requires validation of service URLs in Kyverno's apiCall feature to block SSRF attacks directing requests to attacker-controlled servers.
- Enforces least privilege on the Kyverno admission controller ServiceAccount to prevent full cluster compromise from stolen tokens.
- Mediates and enforces information flows from Kyverno to only approved destinations, limiting arbitrary outbound requests with attached tokens.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The SSRF vulnerability in Kyverno's apiCall feature directly enables exploitation of the application to direct requests with the ServiceAccount token to attacker servers (T1190) and facilitates theft of the application access token (T1528) for cluster compromise.
NVD Description
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue.
Deeper analysis [AI]
CVE-2026-41323 is a high-severity vulnerability (CVSS 8.1, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) affecting Kyverno, a policy engine for cloud native platform engineering teams, specifically its apiCall feature in ClusterPolicy. In versions prior to 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, the feature automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests without validating the service URL, allowing requests to be directed to arbitrary endpoints, including attacker-controlled servers. This issue is linked to CWE-200 (Exposure of Sensitive Information) and CWE-918 (Server-Side Request Forgery).
The vulnerability can be exploited by an attacker with low privileges (PR:L) who can create or modify a ClusterPolicy containing an apiCall rule pointing to a malicious service URL. When Kyverno processes the policy during admission review, it sends the request with the admission controller's ServiceAccount token, enabling token theft. The admission controller ServiceAccount typically has permissions to patch webhook configurations, allowing a token thief to achieve full Kubernetes cluster compromise by escalating privileges and modifying critical cluster resources.
Kyverno's security advisory (GHSA-f9g8-6ppc-pqq4) and related patch commits confirm the issue is fixed in versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4. Security practitioners should upgrade to these versions or later, audit existing ClusterPolicies for apiCall rules with untrusted URLs, and review ServiceAccount permissions for Kyverno's admission controller to follow least-privilege principles.
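The mitigations listed above and the audit step recommended here (find apiCall rules whose service URL is not an approved destination) can be scripted. The following is an added example written for this page; it is not Kyverno's code and not part of the advisory. It assumes the ClusterPolicy field layout spec.rules[].context[].apiCall with either service.url (external service) or urlPath (a path on the cluster's own API server), and it constructs its own sample policies and an allowlist of in-cluster host suffixes for demonstration.

```python
"""Audit Kyverno ClusterPolicy objects for apiCall contexts that would send the
admission controller's ServiceAccount token to an unapproved destination.
Added example; constructed sample data; not Kyverno project code."""
import json
import sys
from urllib.parse import urlsplit

# Assumption for this example: only in-cluster service hosts are approved.
DEFAULT_ALLOWED_HOST_SUFFIXES = (".svc", ".svc.cluster.local")


def classify_api_call(api_call, allowed_hosts=(), allowed_suffixes=DEFAULT_ALLOWED_HOST_SUFFIXES):
    """Return None if the apiCall destination is acceptable, else a reason string."""
    service = api_call.get("service") or {}
    url = service.get("url")
    if url is None:
        # A urlPath-only apiCall targets the cluster's own API server.
        if api_call.get("urlPath"):
            return None
        return "apiCall has neither service.url nor urlPath"
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        # A bearer token over plaintext HTTP is exposed on the wire as well.
        return f"non-https scheme '{parts.scheme}' for {url}"
    if host in allowed_hosts or host.endswith(allowed_suffixes):
        return None
    return f"service host '{host}' is not an approved destination"


def audit_policies(policies, allowed_hosts=()):
    """Walk ClusterPolicy dicts and collect one finding per offending apiCall."""
    findings = []
    for policy in policies:
        pname = policy.get("metadata", {}).get("name", "<unnamed>")
        for rule in policy.get("spec", {}).get("rules", []):
            for ctx in rule.get("context") or []:
                api_call = ctx.get("apiCall")
                if not api_call:
                    continue
                reason = classify_api_call(api_call, allowed_hosts)
                if reason:
                    findings.append({"policy": pname, "rule": rule.get("name"),
                                     "context": ctx.get("name"), "reason": reason})
    return findings


def _policy(name, rule_name, ctx_name, api_call):
    """Build a minimal constructed ClusterPolicy dict for the samples below."""
    return {"apiVersion": "kyverno.io/v1", "kind": "ClusterPolicy",
            "metadata": {"name": name},
            "spec": {"rules": [{"name": rule_name,
                                "context": [{"name": ctx_name, "apiCall": api_call}]}]}}


# Constructed sample policies (not real cluster data).
SAMPLE_POLICIES = [
    _policy("in-cluster-api", "check-ns", "nslist",
            {"urlPath": "/api/v1/namespaces", "jmesPath": "items[].metadata.name"}),
    _policy("internal-svc", "check-svc", "svcdata",
            {"service": {"url": "https://lookup.platform.svc:443/v1/tenants"}}),
    _policy("plaintext-external", "leak-http", "ext",
            {"service": {"url": "http://collector.example.invalid/ingest"}}),
    _policy("external-https", "leak-https", "ext",
            {"service": {"url": "https://collector.example.invalid/ingest"}}),
]


def main():
    """Use piped 'kubectl get clusterpolicy -o json' output if present, else the samples."""
    if not sys.stdin.isatty():
        policies = json.load(sys.stdin).get("items", [])
    else:
        policies = SAMPLE_POLICIES
    for finding in audit_policies(policies):
        print(json.dumps(finding))


if __name__ == "__main__":
    main()
```

Run it against a live cluster with `kubectl get clusterpolicy -o json | python audit_apicall.py`; extend `allowed_hosts` with any external endpoints that have been explicitly reviewed. The two constructed external policies are reported, the urlPath-only and in-cluster ones are not.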
Details
- CWE(s)