{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41068", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-16T16:43:03.174Z", "datePublished": "2026-04-24T03:14:27.640Z", "dateUpdated": "2026-04-24T16:22:26.972Z"}, "containers": {"cna": {"title": "Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p"}, {"name": "https://github.com/kyverno/kyverno/commit/bbf3e5c01391d612968440659028ae98e565a777", "tags": ["x_refsource_MISC"], "url": "https://github.com/kyverno/kyverno/commit/bbf3e5c01391d612968440659028ae98e565a777"}], "affected": [{"vendor": "kyverno", "product": "kyverno", "versions": [{"version": "< 1.17.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T03:14:27.640Z"}, "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap context loader has the identical vulnerability \u2014 the `configMap.namespace` field accepts any namespace with zero validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account. This is a complete RBAC bypass in multi-tenant Kubernetes clusters. An updated fix is available in version 1.17.2."}], "source": {"advisory": "GHSA-cvq5-hhx3-f99p", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T16:21:58.960135Z", "id": "CVE-2026-41068", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T16:22:26.972Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41068", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-24T16:21:58.960135Z"}}}], "references": [{"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T16:22:21.071Z"}}], "cna": {"title": "Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)", "source": {"advisory": "GHSA-cvq5-hhx3-f99p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "kyverno", "product": "kyverno", "versions": [{"status": "affected", "version": "< 1.17.2"}]}], "references": [{"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p", "name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/kyverno/kyverno/commit/bbf3e5c01391d612968440659028ae98e565a777", "name": "https://github.com/kyverno/kyverno/commit/bbf3e5c01391d612968440659028ae98e565a777", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap context loader has the identical vulnerability \u2014 the `configMap.namespace` field accepts any namespace with zero validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account. This is a complete RBAC bypass in multi-tenant Kubernetes clusters. An updated fix is available in version 1.17.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T03:14:27.640Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41068", "state": "PUBLISHED", "dateUpdated": "2026-04-24T16:22:26.972Z", "dateReserved": "2026-04-16T16:43:03.174Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-24T03:14:27.640Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kyverno:kyverno:*:-:*:*:*:*:*:*", "matchCriteriaId": "6574A7FA-CE7D-4EB6-B036-044E07DB453A", "versionEndExcluding": "1.17.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap context loader has the identical vulnerability \u2014 the `configMap.namespace` field accepts any namespace with zero validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account. This is a complete RBAC bypass in multi-tenant Kubernetes clusters. An updated fix is available in version 1.17.2."}], "id": "CVE-2026-41068", "lastModified": "2026-04-27T17:48:04.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-24T04:16:19.950", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/bbf3e5c01391d612968440659028ae98e565a777"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-cvq5-hhx3-f99p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.17.2)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "kyverno", "source": "cna", "vendor": "kyverno"}, "product": "kyverno", "vendor": "kyverno"}], "analysis": {"en": {"generated_at": "2026-04-28T06:59:42.000170+00:00", "value": {"mitigation_remediation": ["Upgrade Kyverno to version 1.17.2 or later, which includes a fix for the ConfigMap context loader validation.", "Ensure that the Kyverno service account is granted only the minimal permissions required for policy evaluation.", "If an immediate upgrade is not possible, isolate the Kyverno deployment so that its service account cannot read ConfigMaps in other namespaces, or explicitly deny the \"configMap.namespace\" input via Admission Webhooks or RBAC rules."], "summary": {"action": "Apply Patch", "impact": "RBAC bypass via ConfigMap context loader allowing cross\u2011namespace reads"}, "threat_synthesis": {"affected_systems": "The Kyverno policy engine, any release prior to version 1.17.2, is affected. All other editions run natively on Kubernetes and employ the same ConfigMap context loader.", "description_and_impact": "Kyverno\u2019s ConfigMap context loader accepts an arbitrary namespace value without validation, enabling a namespace admin to read ConfigMaps from any namespace using Kyverno\u2019s privileged service account. This flaw constitutes a complete RBAC bypass in multi\u2011tenant Kubernetes clusters, allowing unintended disclosure of configuration data vulnerability mirrors the prior CVE-2026-22039 fix, and in the current version the patch is only incomplete.", "risk_and_exploitability": "Evaluated with a CVSS score of 7.7, the EPSS score is below 1%, and the vulnerability is not listed in CISA KEV. The exploit requires a privileged Kyverno service account and sufficient access to specify a ConfigMap context. An attacker can target the ConfigMap context loader to retrieve configuration data from any namespace, potentially revealing secrets and enabling further privilege escalation. The risk is moderate but exploitability is low due to the need for Kubernetes RBAC privileges."}}}}, "created": "2026-04-27T22:00:15.587761+00:00", "updated": "2026-04-28T07:00:09.562853+00:00", "vendors": ["kyverno", "kyverno$PRODUCT$kyverno"]}