CVE-2026-41485— Kyverno Controller Denial of Service via forEach Mutation Panic
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41485
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kyverno Controller Denial of Service via forEach Mutation Panic
Source: NVD (National Vulnerability Database)
Vulnerability Description
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user with permission to create a `Policy` or `ClusterPolicy` to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and block all matching resource operations. The crash loop persists until the policy is deleted. The vulnerability is confined to the legacy engine, and CEL-based policies are unaffected. Versions 1.17.2 and 1.16.4 fix the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可达断言
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kyverno 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kyverno是Kyverno开源的一个为 Kubernetes 设计的策略引擎。 Kyverno 1.17.2之前版本和1.16.4之前版本存在安全漏洞,该漏洞源于forEach变异处理程序中的未检查类型断言,允许任何具有创建Policy或ClusterPolicy权限的用户使集群范围的后台控制器崩溃进入持久CrashLoopBackOff状态。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41485
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41485
Please Login to view more intelligence information
Same Patch Batch · kyverno · 2026-04-24 · 3 CVEs total
| CVE-2026-41323 | 8.1 HIGH | Kyverno: ServiceAccount token leaked to external servers via apiCall service URL |
| CVE-2026-41068 | 7.7 HIGH | Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) |
IV. Related Vulnerabilities
Same product: kyverno
- CVE-2026-41323
Kyverno: ServiceAccount token leaked to external servers via - CVE-2026-41068
Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2 - CVE-2026-40868
kyverno apicall servicecall implicit bearer token injection - CVE-2026-4789
CVE-2026-4789 - CVE-2026-23881
Kyverno Denial of Service via Context Variable Amplification
Same vendor: kyverno
- CVE-2026-41323
Kyverno: ServiceAccount token leaked to external servers via - CVE-2026-41068
Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2 - CVE-2026-40868
kyverno apicall servicecall implicit bearer token injection - CVE-2026-4789
CVE-2026-4789 - CVE-2026-23881
Kyverno Denial of Service via Context Variable Amplification
Same weakness: CWE-617
- CVE-2026-41584
ZEBRA: rk Identity Point Panic in Transaction Verification - CVE-2026-20450
Qualcomm Modem MSV-6100远程拒绝服务漏洞 - CVE-2026-34067
nimiq-transaction vulnerable to panic via `HistoryTreeProof` - CVE-2026-34063
network-libp2p: Peer can crash the node by opening discovery - CVE-2026-34069
nimiq-consensus panics via RequestMacroChain micro-block loc
V. Comments for CVE-2026-41485
No comments yet