{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41323", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-20T14:01:46.672Z", "datePublished": "2026-04-24T03:21:36.265Z", "dateUpdated": "2026-04-24T12:05:00.276Z"}, "containers": {"cna": {"title": "Kyverno: ServiceAccount token leaked to external servers via apiCall service URL", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4"}, {"name": "https://github.com/kyverno/kyverno/commit/bc4f91c4801b1eaa2edc0a14e2f1b0af8cf0c1f5", "tags": ["x_refsource_MISC"], "url": "https://github.com/kyverno/kyverno/commit/bc4f91c4801b1eaa2edc0a14e2f1b0af8cf0c1f5"}, {"name": "https://github.com/kyverno/kyverno/commit/c2eab00033e635bda4e4efb58c1b472b41728bb6", "tags": ["x_refsource_MISC"], "url": "https://github.com/kyverno/kyverno/commit/c2eab00033e635bda4e4efb58c1b472b41728bb6"}, {"name": "https://github.com/kyverno/kyverno/commit/f70e8ac1e7acd2e3844f9553e4a884f07f953de0", "tags": ["x_refsource_MISC"], "url": "https://github.com/kyverno/kyverno/commit/f70e8ac1e7acd2e3844f9553e4a884f07f953de0"}], "affected": [{"vendor": "kyverno", "product": "kyverno", "versions": [{"version": "< 1.16.4", "status": "affected"}, {"version": ">= 1.17.0-rc1, < 1.17.2-rc1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T03:21:36.265Z"}, "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation \u2014 it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue."}], "source": {"advisory": "GHSA-f9g8-6ppc-pqq4", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T12:04:48.048182Z", "id": "CVE-2026-41323", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T12:05:00.276Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41323", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-24T12:04:48.048182Z"}}}], "references": [{"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T12:04:41.403Z"}}], "cna": {"title": "Kyverno: ServiceAccount token leaked to external servers via apiCall service URL", "source": {"advisory": "GHSA-f9g8-6ppc-pqq4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "kyverno", "product": "kyverno", "versions": [{"status": "affected", "version": "< 1.16.4"}, {"status": "affected", "version": ">= 1.17.0-rc1, < 1.17.2-rc1"}]}], "references": [{"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4", "name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/kyverno/kyverno/commit/bc4f91c4801b1eaa2edc0a14e2f1b0af8cf0c1f5", "name": "https://github.com/kyverno/kyverno/commit/bc4f91c4801b1eaa2edc0a14e2f1b0af8cf0c1f5", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/kyverno/kyverno/commit/c2eab00033e635bda4e4efb58c1b472b41728bb6", "name": "https://github.com/kyverno/kyverno/commit/c2eab00033e635bda4e4efb58c1b472b41728bb6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/kyverno/kyverno/commit/f70e8ac1e7acd2e3844f9553e4a884f07f953de0", "name": "https://github.com/kyverno/kyverno/commit/f70e8ac1e7acd2e3844f9553e4a884f07f953de0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation \u2014 it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T03:21:36.265Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41323", "state": "PUBLISHED", "dateUpdated": "2026-04-24T12:05:00.276Z", "dateReserved": "2026-04-20T14:01:46.672Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-24T03:21:36.265Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kyverno:kyverno:*:-:*:*:*:*:*:*", "matchCriteriaId": "D99E721C-8123-4DD3-843C-41F652B954D4", "versionEndExcluding": "1.16.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*", "matchCriteriaId": "69DC2B53-AFC4-4710-B8BC-DCCF46C5CE01", "versionEndExcluding": "1.17.2", "versionStartIncluding": "1.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation \u2014 it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue."}], "id": "CVE-2026-41323", "lastModified": "2026-04-27T17:53:22.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T04:16:20.593", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/bc4f91c4801b1eaa2edc0a14e2f1b0af8cf0c1f5"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/c2eab00033e635bda4e4efb58c1b472b41728bb6"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/f70e8ac1e7acd2e3844f9553e4a884f07f953de0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-f9g8-6ppc-pqq4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["*"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.16.4)"}}, {"platform": ["*"], "status": "affected", "versions": {"scheme": "semver", "value": "[1.17.0-rc1,1.17.2-rc1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "kyverno", "source": "cna", "vendor": "kyverno"}, "product": "kyverno", "vendor": "kyverno"}], "analysis": {"en": {"generated_at": "2026-04-28T14:25:25.688308+00:00", "value": {"mitigation_remediation": ["Upgrade Kyverno to version 1.18.0\u2011rc1 or newer, which removes the insecure token attachment behavior", "Temporarily disable the apiCall feature in all ClusterPolicies until the patch is applied or restrict the ServiceAccount to the minimum necessary permissions", "Monitor webhook configuration changes and review audit logs for unauthorized modifications to detect potential exploitation"], "summary": {"action": "Immediate Patch", "impact": "Cluster-wide compromise via exposed ServiceAccount tokens"}, "threat_synthesis": {"affected_systems": "Kyverno versions prior to 1.18.0\u2011rc1, 1.17.2\u2011rc1, and 1.16.4 are vulnerable. The vulnerability affects the Kyverno policy engine deployed on Kubernetes clusters that use the apiCall feature in ClusterPolicy objects.", "description_and_impact": "Kyverno\u2019s apiCall feature, before the release of 1.18.0\u2011rc1, 1.17.2\u2011rc1, and 1.16.4, automatically attaches the admission controller\u2019s ServiceAccount token to outgoing HTTP requests. The configured service URL is not validated and may point to any host, including attacker\u2011controlled ones. If an attacker can supply an arbitrary URL, they can exfiltrate the ServiceAccount token. With that token, the attacker can patch webhook configurations, effectively taking control of the entire Kubernetes cluster. This flaw is a confidentiality and authentication breach (CWE\u2011200) that can lead to privilege escalation.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high severity, yet the EPSS score of less than 1% suggests that exploitation is considered unlikely at this time. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker crafting a ClusterPolicy that directs an apiCall to an attacker\u2011controlled server to capture the ServiceAccount token. After obtaining the token, the attacker can use it to patch cluster webhook configurations, achieving full cluster compromise. Given the high impact and the availability of a patch, the risk warrants immediate action."}}}}, "created": "2026-04-28T03:15:05.355576+00:00", "updated": "2026-04-28T14:30:33.764129+00:00", "vendors": ["kyverno", "kyverno$PRODUCT$kyverno"]}