Impact
Kubewarden is a policy engine for Kubernetes that lets administrators define admission policies. The vulnerability allows an attacker who has been granted create permission on AdmissionPolicy or AdmissionPolicyGroup resources (a privileged permission that is not granted by default) to craft a policy that invokes the can_i host capability callback. The callback issues a SubjectAccessReview to the API server without being subject to the context‑aware allow‑list that is supposed to govern which cluster state a policy may query. As a result, the policy can look up the RBAC permissions of any user or service account, learning whether that identity may "get secrets", "create pods", "bind clusterroles" and so on in namespaces of the attacker's choosing. The outcome is information disclosure useful for reconnaissance rather than direct exfiltration of workload data.
Affected Systems
The flaw lies in the Kubewarden controller component (the kubewarden-controller product), specifically in how the policy engine handles the can_i host callback. Only deployments in which create permission on AdmissionPolicy or AdmissionPolicyGroup resources has been delegated beyond cluster administrators are exposed, since creating such a policy is the precondition for reaching the callback.
Risk and Exploitability
The CVSS score of 4.3 corresponds to Medium severity; no EPSS score is available. The vulnerability is not listed in the CISA KEV catalog, so no active exploitation is known. Exploitation requires a user who can create admission policies, a capability normally limited to cluster administrators. Such an attacker would author a policy that calls the can_i callback with chosen subject, verb, resource and namespace values, and thereby enumerate RBAC permissions across the cluster. The attack vector is inferred to be internal, via the Kubernetes API: the attacker must be able to create the policy object, and the callback then performs SubjectAccessReviews that are not confined to the policy's own namespace. Successful exploitation discloses which permissions already exist; it does not by itself grant new permissions or expose workload data.
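Because every can_i call described above becomes a SubjectAccessReview create on the API server, the exploitation pattern is visible in Kubernetes audit logs. The following is an added example, not code from the Kubewarden project or from this advisory: a Python helper that scans audit events for SubjectAccessReview creates issued under the policy engine's identity and reports which subjects and permissions were probed. The audit events are constructed for illustration; the policy-server service account name, the audit IDs and the set of "sensitive" verb/resource pairs are assumptions to be adjusted for a real cluster.

```python
"""Spot RBAC-enumeration probes (SubjectAccessReview creates) issued through a
policy engine's can_i callback, by scanning Kubernetes API audit log lines.

Added example, not Kubewarden project code. Sample events are constructed;
the policy-server identity below is an assumption for this example."""
import json
from collections import Counter

# Assumption: the service account the policy engine uses when it talks to the
# API server on behalf of a policy. Replace with the identity in your cluster.
ENGINE = "system:serviceaccount:kubewarden:policy-server-default"
POLICY_ENGINE_USERS = frozenset({ENGINE})

# Verb/resource pairs whose probing is most interesting to an attacker
# (assumption; extend to taste).
SENSITIVE = {("get", "secrets"), ("list", "secrets"), ("create", "pods"),
             ("bind", "clusterroles"), ("escalate", "clusterroles")}


def _sar(subject, verb, resource, group="", namespace=""):
    """Body of a SubjectAccessReview as a can_i call would submit it."""
    return {"kind": "SubjectAccessReview", "apiVersion": "authorization.k8s.io/v1",
            "spec": {"user": subject,
                     "resourceAttributes": {"verb": verb, "resource": resource,
                                            "group": group, "namespace": namespace}}}


def _event(username, verb, resource, api_group, request_object=None, audit_id="0"):
    """One audit.k8s.io/v1 Event line; requestObject is present only at
    audit level Request or RequestResponse."""
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1",
          "level": "Request" if request_object is not None else "Metadata",
          "auditID": audit_id, "verb": verb, "user": {"username": username},
          "objectRef": {"resource": resource, "apiGroup": api_group}}
    if request_object is not None:
        ev["requestObject"] = request_object
    return json.dumps(ev)


# Constructed audit log: three probes by the engine, one ordinary read, one SAR
# from an unrelated caller, and one engine SAR logged without its body.
SAMPLE_AUDIT_LINES = [
    _event(ENGINE, "create", "subjectaccessreviews", "authorization.k8s.io",
           _sar("alice", "get", "secrets", namespace="prod"), "a1"),
    _event(ENGINE, "create", "subjectaccessreviews", "authorization.k8s.io",
           _sar("system:serviceaccount:prod:ci-runner", "create", "pods", namespace="prod"), "a2"),
    _event(ENGINE, "create", "subjectaccessreviews", "authorization.k8s.io",
           _sar("bob", "bind", "clusterroles", group="rbac.authorization.k8s.io"), "a3"),
    _event("alice", "get", "pods", "", audit_id="a4"),
    _event("system:serviceaccount:kube-system:other-webhook", "create", "subjectaccessreviews",
           "authorization.k8s.io", _sar("carol", "get", "secrets", namespace="dev"), "a5"),
    _event(ENGINE, "create", "subjectaccessreviews", "authorization.k8s.io", audit_id="a6"),
]


def parse_events(lines):
    """Yield parsed audit events, skipping blank or malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def is_sar_create(event):
    ref = event.get("objectRef") or {}
    return (event.get("verb") == "create"
            and ref.get("resource") == "subjectaccessreviews"
            and ref.get("apiGroup") == "authorization.k8s.io")


def find_can_i_probes(lines, engine_users=POLICY_ENGINE_USERS):
    """Return one record per SubjectAccessReview created by the policy engine.
    When the audit level omits requestObject, the probe is still reported but
    marked as having no spec (the who/what of the probe is not recoverable)."""
    probes = []
    for ev in parse_events(lines):
        if not is_sar_create(ev):
            continue
        caller = (ev.get("user") or {}).get("username", "")
        if caller not in engine_users:
            continue
        spec = ((ev.get("requestObject") or {}).get("spec")) or {}
        attrs = spec.get("resourceAttributes") or {}
        probes.append({"audit_id": ev.get("auditID"), "caller": caller,
                       "subject": spec.get("user"), "groups": spec.get("groups") or [],
                       "verb": attrs.get("verb"), "resource": attrs.get("resource"),
                       "api_group": attrs.get("group", ""),
                       "namespace": attrs.get("namespace", ""),
                       "spec_available": bool(spec)})
    return probes


def summarize(probes):
    """Counts a responder wants first: how many probes, against whom, how many
    touched sensitive permissions, how many were logged without a body."""
    return {"total": len(probes),
            "subjects": dict(Counter(p["subject"] for p in probes if p["subject"])),
            "sensitive": sum((p["verb"], p["resource"]) in SENSITIVE for p in probes),
            "blind": sum(not p["spec_available"] for p in probes)}


if __name__ == "__main__":
    found = find_can_i_probes(SAMPLE_AUDIT_LINES)
    for p in found:
        print(p)
    print(summarize(found))
```

The filter keys on the caller identity rather than on the SubjectAccessReview alone, because kube-apiserver components and other webhooks legitimately create SubjectAccessReviews; what is anomalous here is the policy engine doing so for subjects and namespaces unrelated to the request it is admitting. The "blind" count only tells you a probe happened: to see which identity and permission were queried, the audit policy must log subjectaccessreviews at level Request or higher.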
OpenCVE Enrichment
Github GHSA