Description
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue.
Published: 2026-04-24
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Cluster-wide compromise via exposed ServiceAccount tokens
Action: Immediate Patch
AI Analysis

Impact

Kyverno’s apiCall feature, before the release of 1.18.0‑rc1, 1.17.2‑rc1, and 1.16.4, automatically attaches the admission controller’s ServiceAccount token to outgoing HTTP requests. The configured service URL is not validated and may point to any host, including attacker‑controlled ones. If an attacker can supply an arbitrary URL, they can exfiltrate the ServiceAccount token. With that token, the attacker can patch webhook configurations, effectively taking control of the entire Kubernetes cluster. This flaw is a confidentiality and authentication breach (CWE‑200) that can lead to privilege escalation.

Affected Systems

Kyverno versions prior to 1.18.0‑rc1, 1.17.2‑rc1, and 1.16.4 are vulnerable. The vulnerability affects the Kyverno policy engine deployed on Kubernetes clusters that use the apiCall feature in ClusterPolicy objects.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity, yet the EPSS score of less than 1% suggests that exploitation is considered unlikely at this time. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker crafting a ClusterPolicy that directs an apiCall to an attacker‑controlled server to capture the ServiceAccount token. After obtaining the token, the attacker can use it to patch cluster webhook configurations, achieving full cluster compromise. Given the high impact and the availability of a patch, the risk warrants immediate action.

Generated by OpenCVE AI on April 28, 2026 at 14:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Kyverno to version 1.18.0‑rc1 or newer, which removes the insecure token attachment behavior
  • Temporarily disable the apiCall feature in all ClusterPolicies until the patch is applied or restrict the ServiceAccount to the minimum necessary permissions
  • Monitor webhook configuration changes and review audit logs for unauthorized modifications to detect potential exploitation

Generated by OpenCVE AI on April 28, 2026 at 14:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-f9g8-6ppc-pqq4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
History

Mon, 27 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Kyverno
Kyverno kyverno
CPEs cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*
cpe:2.3:a:kyverno:kyverno:*:-:*:*:*:*:*:*
Vendors & Products Kyverno
Kyverno kyverno

Fri, 24 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions to patch webhook configurations, a stolen token leads to full cluster compromise. Versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4 patch the issue.
Title Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
Weaknesses CWE-200
CWE-918
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Kyverno Kyverno
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T12:05:00.276Z

Reserved: 2026-04-20T14:01:46.672Z

Link: CVE-2026-41323

cve-icon Vulnrichment

Updated: 2026-04-24T12:04:41.403Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T04:16:20.593

Modified: 2026-04-27T17:53:22.783

Link: CVE-2026-41323

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:30:33Z

Weaknesses