{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4789", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-03-24T20:03:13.388Z", "datePublished": "2026-03-30T20:44:00.607Z", "dateUpdated": "2026-04-01T18:43:50.952Z"}, "containers": {"cna": {"title": "CVE-2026-4789", "descriptions": [{"lang": "en", "value": "Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Kyverno", "product": "Kyverno", "versions": [{"status": "affected", "version": "1.16.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "references": [{"url": "https://github.com/kyverno/kyverno"}, {"url": "https://kb.cert.org/vuls/id/655822"}, {"url": "https://portswigger.net/web-security/ssrf"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4789"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T20:44:00.607Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/655822"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-30T21:18:08.577Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:43:09.447511Z", "id": "CVE-2026-4789", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:43:50.952Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/655822"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-30T21:18:08.577Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4789", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:43:09.447511Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:43:36.754Z"}}], "cna": {"title": "CVE-2026-4789", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Kyverno", "product": "Kyverno", "versions": [{"status": "affected", "version": "1.16.0"}]}], "references": [{"url": "https://github.com/kyverno/kyverno"}, {"url": "https://kb.cert.org/vuls/id/655822"}, {"url": "https://portswigger.net/web-security/ssrf"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.35", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4789"}, "descriptions": [{"lang": "en", "value": "Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T20:44:00.607Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4789", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:43:50.952Z", "dateReserved": "2026-03-24T20:03:13.388Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-30T20:44:00.607Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2E0715F-61DE-45F5-840E-06CF5C468D33", "versionEndIncluding": "1.17.1", "versionStartIncluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions."}, {"lang": "es", "value": "Kyverno, versiones 1.16.0 y posteriores, son vulnerables a SSRF debido a funciones HTTP CEL sin restricciones."}], "id": "CVE-2026-4789", "lastModified": "2026-04-03T18:17:51.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T21:17:10.843", "references": [{"source": "cret@cert.org", "tags": ["Product"], "url": "https://github.com/kyverno/kyverno"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://kb.cert.org/vuls/id/655822"}, {"source": "cret@cert.org", "tags": ["Technical Description"], "url": "https://portswigger.net/web-security/ssrf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.kb.cert.org/vuls/id/655822"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.16.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Kyverno", "source": "cna", "vendor": "Kyverno"}, "product": "kyverno", "vendor": "kyverno"}], "analysis": {"en": {"generated_at": "2026-04-03T21:55:05.636379+00:00", "value": {"mitigation_remediation": ["Upgrade Kyverno to the latest release that fixes the SSRF vulnerability.", "Restrict inbound access to the Kyverno API so only trusted users or service accounts can submit policies.", "Apply network segmentation or firewall rules to prevent Kyverno pods from making outbound HTTP requests to internal networks.", "If immediate upgrade is not possible, disable or limit CEL HTTP functions within Kyverno\u2019s configuration.", "Monitor Kyverno logs for unexpected outbound HTTP requests."], "summary": {"action": "Immediate Patch", "impact": "Remote Server Side Request Forgery"}, "threat_synthesis": {"affected_systems": "All Kyverno deployments running version 1.16.0 or newer are affected. The issue exists in any installation that includes the relevant CEL HTTP function code and does not have a patch that mitigates the flaw.", "description_and_impact": "Kyverno and its associated policies are exposed to a Server Side Request Forgery (SSRF) flaw caused by unrestricted CEL HTTP functions. The vulnerability allows an attacker to instruct Kyverno to issue HTTP requests to arbitrary hosts from within the cluster, potentially accessing internal resources or sensitive information. The weakness is categorized as CWE\u2011918.", "risk_and_exploitability": "The severity rating of 9.8 places the flaw in the critical range. The EPSS score indicates that exploitation attempts are currently rare, and the vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector is when an attacker can submit or modify policy rules that invoke the CEL HTTP function, though the specific prerequisites are not disclosed in the CVE data."}}}}, "created": "2026-03-31T19:57:18.409816+00:00", "title": "Kyverno SSRF via Unrestricted CEL HTTP Functions", "updated": "2026-04-07T08:08:29.712226+00:00", "vendors": ["kyverno", "kyverno$PRODUCT$kyverno"]}