The maintainers of Kyverno, a popular Kubernetes-native policy engine, have released an urgent security update to address a critical vulnerability that shatters the platform’s isolation boundaries. Tracked as CVE-2026-22039 and carrying a maximum CVSS score of 10, the flaw allows any user with policy creation rights to effectively become a cluster admin.
The update also fixes a high-severity Denial of Service (DoS) vulnerability (CVE-2026-23881), further highlighting the risks of complex policy engines in multi-tenant environments.
The critical vulnerability, CVE-2026-22039, stems from a failure in how Kyverno handles API calls within namespaced policies. Normally, a policy created in a specific namespace (like “dev-team-a”) should stay within that sandbox. However, researchers discovered that the apiCall feature lacked this enforcement.
“The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace,” the advisory explains.
This oversight is catastrophic because the Kyverno admission controller typically holds broad, cluster-wide permissions. An attacker can exploit this by crafting a policy that substitutes variables into the urlPath field, tricking Kyverno into making requests on their behalf.
“Any authenticated user with permission to create a namespaced Policy can cause Kyverno to perform Kubernetes API requests… targeting any API path allowed by that Service Account’s RBAC”.
The implications are severe:
- Privilege Escalation: An attacker could create a RoleBinding in the kube-system namespace to grant themselves cluster-admin rights.
- Data Exfiltration: Sensitive data, including Secrets and tokens, can be stolen from any namespace.
- Cluster Disruption: Attackers can create malicious ClusterPolicies to block critical operations like Pod scheduling.
Alongside the privilege escalation, the team also patched CVE-2026-23881, a Denial of Service vulnerability with a CVSS score of 7.7. This flaw allows users to crash the Kyverno engine by creating policies that trigger exponential memory consumption.
“Unbounded memory consumption in Kyverno’s policy engine allows users… to cause denial of service by crafting policies that exponentially amplify string data through context variables,” the advisory writes.
While less severe than a full takeover, the impact is still significant. Crashing the admission controller can disable cluster-wide policy enforcement. If the cluster is configured with failurePolicy: Ignore, workloads could bypass all validation during the outage, leaving the door open for further attacks or misconfigurations.
Both vulnerabilities affect Kyverno versions 1.16.2 and earlier, as well as 1.15.2 and earlier.
The maintainers have released patched versions v1.16.3 and v1.15.3 that introduce strict validation logic. For the critical flaw, the new logic ensures that namespaced policies can only target resources within their own namespace, rejecting any requests that attempt to cross boundaries.
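Until a cluster is on a patched release, the same boundary rule the fix enforces can be checked statically against the Policy objects already present. The script below is an added example, not Kyverno's own code: it assumes the Kyverno context layout `spec.rules[].context[].apiCall.urlPath`, walks constructed sample Policy documents (or `kubectl get policies -A -o json` on stdin), and flags any apiCall whose `urlPath` is not scoped to the Policy's own namespace or uses variable substitution, so that the target cannot be verified before the call runs under the admission controller's ServiceAccount.

```python
import json
import re
import sys

# Namespace segment of core (/api/v1/namespaces/NS/...) and group (/apis/G/V/namespaces/NS/...) paths.
NS_PATH = re.compile(r"^/api(?:s/[^/]+)?/[^/]+/namespaces/([^/]+)(?:/|$)")
VARIABLE = re.compile(r"\{\{.*?\}\}")

def check_url_path(policy_ns, url_path):
    """Return a finding if url_path lets a Policy in policy_ns reach outside it, else None."""
    if VARIABLE.search(url_path):  # namespace segment cannot be verified statically
        return "urlPath uses variable substitution; target namespace cannot be verified"
    m = NS_PATH.match(url_path)
    if m is None:
        return "urlPath is not namespace-scoped (cluster-scoped or non-resource path)"
    if m.group(1) != policy_ns:
        return f"urlPath targets namespace {m.group(1)!r} from policy namespace {policy_ns!r}"
    return None

def audit(policies):
    """Return (policy, namespace, rule, context, finding) for each unsafe apiCall in a Policy."""
    findings = []
    for pol in policies:
        if pol.get("kind") != "Policy":  # ClusterPolicy is cluster-scoped by design
            continue
        meta = pol["metadata"]
        for rule in pol.get("spec", {}).get("rules", []):
            for ctx in rule.get("context") or []:
                url = (ctx.get("apiCall") or {}).get("urlPath")
                hit = check_url_path(meta["namespace"], url) if url else None
                if hit:
                    findings.append((meta["name"], meta["namespace"], rule["name"], ctx["name"], hit))
    return findings

def _policy(name, ns, url_path):
    """Minimal constructed Policy with one apiCall context (sample data only)."""
    return {"kind": "Policy", "metadata": {"name": name, "namespace": ns},
            "spec": {"rules": [{"name": "r", "context": [{"name": "c", "apiCall": {"urlPath": url_path}}]}]}}

SAMPLE = [  # constructed: one in-namespace lookup, one cross-namespace, one variable-driven
    _policy("ok", "dev-team-a", "/api/v1/namespaces/dev-team-a/configmaps"),
    _policy("cross", "dev-team-a", "/api/v1/namespaces/kube-system/secrets"),
    _policy("var", "dev-team-a", "/api/v1/namespaces/{{request.object.metadata.labels.target}}/secrets"),
]

if __name__ == "__main__":  # pipe `kubectl get policies -A -o json` in, or run with no input for SAMPLE
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)["items"]
    for name, ns, rule, ctx, hit in audit(data):
        print(f"FINDING {ns}/{name} rule={rule} context={ctx}: {hit}")
```

Findings on a variable-driven path are a review prompt rather than proof of abuse; the point is that nothing in the policy text bounds where the call can go.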