Kyverno — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Kyverno. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kyverno serves as a policy engine for Kubernetes, enforcing security and compliance through declarative policies. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. The project maintains active development with regular security updates, though past incidents have exposed flaws in policy enforcement mechanisms and webhook validation. With 18 CVEs recorded, the project demonstrates typical risks associated with complex policy management systems, requiring careful implementation and ongoing monitoring to prevent potential bypasses of security controls in containerized environments.

Top products by Kyverno: kyverno
CVE ID         | Title                                                                                                   | Product | CWE      | CVSS     | Severity  | Published
---------------|---------------------------------------------------------------------------------------------------------|---------|----------|----------|-----------|-----------
CVE-2026-41485 | Kyverno Controller Denial of Service via forEach Mutation Panic                                         | kyverno | CWE-617  | 7.7      | High      | 2026-04-24
CVE-2026-41323 | Kyverno: ServiceAccount token leaked to external servers via apiCall service URL                        | kyverno | CWE-200  | 8.1      | High      | 2026-04-24
CVE-2026-41068 | Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)                   | kyverno | CWE-863  | 7.7      | High      | 2026-04-24
CVE-2026-40868 | kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token          | kyverno | CWE-922  | 8.1      | High      | 2026-04-21
CVE-2026-4789  | CVE-2026-4789                                                                                           | Kyverno | -        | 9.8      | -         | 2026-03-30
CVE-2026-23881 | Kyverno Denial of Service via Context Variable Amplification in Policy Engine                           | kyverno | CWE-770  | 7.7      | High      | 2026-01-27
CVE-2026-22039 | Kyverno Cross-Namespace Privilege Escalation via Policy apiCall                                         | kyverno | CWE-269  | 10.0     | Critical  | 2026-01-27
CVE-2025-47281 | Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service                              | kyverno | CWE-20   | 7.7      | High      | 2025-07-23
CVE-2025-46342 | Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements           | kyverno | CWE-1287 | 8.6      | High      | 2025-04-30
CVE-2025-29778 | Kyverno ignores subjectRegExp and IssuerRegExp                                                          | kyverno | CWE-285  | 5.8      | Medium    | 2025-03-24
CVE-2024-48921 | Kyverno's PolicyException objects can be created in any namespace by default                            | kyverno | CWE-285  | 8.1 (AI) | High (AI) | 2024-10-29
CVE-2023-47630 | Attacker can cause Kyverno user to unintentionally consume insecure image                               | kyverno | CWE-345  | 7.1      | High      | 2023-11-14
CVE-2023-42813 | Denial of service from malicious manifest in kyverno                                                    | kyverno | CWE-400  | 6.1      | Medium    | 2023-11-13
CVE-2023-42814 | Denial of service from malicious image manifest in kyverno                                              | kyverno | CWE-835  | 3.1      | Low       | 2023-11-13
CVE-2023-42815 | Denial of service from malicious image manifest in kyverno                                              | kyverno | CWE-835  | 3.1      | Low       | 2023-11-13
CVE-2023-42816 | Denial of service from malicious signature in kyverno                                                   | kyverno | CWE-345  | 6.1      | Medium    | 2023-11-13
CVE-2023-34091 | Kyverno resource with a deletionTimestamp may allow policy circumvention                                | kyverno | CWE-285  | 6.5      | Medium    | 2023-06-01
CVE-2023-33191 | kyverno seccomp control can be circumvented                                                             | kyverno | CWE-284  | 4.6      | Medium    | 2023-05-30

Entries marked "(AI)" carry the site's AI-estimated score and severity rather than a published CVSS rating.

This page lists every published CVE security advisory associated with Kyverno. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.