Critical Kyverno Vulnerability Allows Cluster Admin Takeover via Policy Abuse (CVE-2026-22039)

The maintainers of Kyverno, a widely deployed Kubernetes-native policy engine, have released an emergency patch for a critical vulnerability that breaks the namespace isolation boundary Kubernetes RBAC is supposed to enforce.

Tracked as CVE-2026-22039 and carrying a CVSS score of 10.0, the maximum, the flaw allows any authenticated user who can create namespaced Kyverno policies to act with the privileges of a cluster administrator.

The Vulnerability

The flaw lies in how Kyverno handles apiCall context entries. When a policy is evaluated, Kyverno substitutes variables (for example, values read from the resource that triggered the policy) into the urlPath field without checking that the resulting API path is one the policy's scope should be allowed to reach.

The apiCall is executed with the Kyverno admission controller's own service account, which typically has broad, cluster-wide permissions. A policy author can therefore construct any valid Kubernetes API path and read or modify resources they have no RBAC rights to, because the request is made by Kyverno, not by them.

Attack Scenarios

Researchers demonstrated two devastating attack paths:

Cross-Namespace Data Exfiltration: A user restricted to the default namespace can create a malicious policy that reads ConfigMaps, Secrets, or other sensitive data from any namespace, including kube-system. The leaked data is returned to the attacker in the policy's denial message.

Cluster-Wide Disruption: An attacker can create a ClusterPolicy through a namespaced policy, effectively gaining cluster-admin capabilities. The proof-of-concept demonstrates blocking all pod scheduling cluster-wide—even for legitimate administrators.

Trivial Exploitation

The attack requires only:

  1. Permission to create policies in any single namespace
  2. A malicious policy with crafted urlPath containing variable substitution
  3. A trigger resource (like a ConfigMap) with annotations pointing to target resources

Exploitation is straightforward and needs nothing beyond ordinary kubectl access to a single namespace.
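The ingredient that a defender can look for is a policy whose apiCall urlPath contains variable substitution. The scanner below is an added example, not Kyverno project code: it walks Policy and ClusterPolicy objects in the JSON shape produced by `kubectl get pol,cpol -A -o json` (a constructed sample is embedded so it runs offline) and reports every apiCall whose urlPath contains Kyverno's `{{ ... }}` syntax, ranking namespaced Policy objects highest because those are the ones a namespace-scoped user can create. The field path `spec.rules[].context[].apiCall.urlPath` is Kyverno's; walking the whole spec is a choice made here so that context entries nested deeper in a rule are also caught.

```python
"""Scan Kyverno policies for apiCall entries whose urlPath is built from
variables. Added example for this advisory, not Kyverno project code."""
import json
import re

# Kyverno variable substitution syntax is {{ ... }}.
VAR_PATTERN = re.compile(r"\{\{.*?\}\}")


def walk_api_calls(obj, path="spec"):
    """Yield (json_path, apiCall_dict) for every apiCall mapping nested in obj.
    Walking generically covers rule-level context entries and any context
    entries nested deeper in a rule."""
    if isinstance(obj, dict):
        call = obj.get("apiCall")
        if isinstance(call, dict):
            yield f"{path}.apiCall", call
        for key, value in obj.items():
            yield from walk_api_calls(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from walk_api_calls(value, f"{path}[{i}]")


def find_variable_url_paths(policy_list):
    """Return one finding per apiCall whose urlPath contains {{...}}."""
    findings = []
    for pol in policy_list.get("items", []):
        kind = pol.get("kind")
        meta = pol.get("metadata", {})
        for path, call in walk_api_calls(pol.get("spec", {})):
            url_path = call.get("urlPath", "")
            variables = VAR_PATTERN.findall(url_path)
            if not variables:
                continue
            findings.append({
                "kind": kind,
                "namespace": meta.get("namespace"),
                "name": meta.get("name"),
                "path": f"{path}.urlPath",
                "urlPath": url_path,
                "variables": variables,
                # A namespaced Policy is the case the advisory describes:
                # a namespace-scoped user can create it.
                "risk": "high" if kind == "Policy" else "review",
            })
    return findings


def format_findings(findings):
    """Render findings as one line each, for a report or a CI check."""
    lines = []
    for f in findings:
        where = f"{f['namespace']}/{f['name']}" if f["namespace"] else f["name"]
        lines.append(f"[{f['risk']}] {f['kind']} {where} {f['path']}: {f['urlPath']}")
    return lines


def load_policies(path):
    """Load the output of `kubectl get pol,cpol -A -o json`."""
    with open(path) as fh:
        return json.load(fh)


# Constructed sample shaped like `kubectl get pol,cpol -A -o json`.
# The ClusterPolicy uses a static urlPath (variable only in jmesPath) and is
# not flagged; the namespaced Policy builds its urlPath from an annotation
# on the triggering resource and is flagged.
SAMPLE_POLICIES = {
    "kind": "List",
    "items": [
        {"apiVersion": "kyverno.io/v1", "kind": "ClusterPolicy",
         "metadata": {"name": "list-namespaces"},
         "spec": {"rules": [{
             "name": "static-path",
             "match": {"any": [{"resources": {"kinds": ["Pod"]}}]},
             "context": [{"name": "nslist", "apiCall": {
                 "urlPath": "/api/v1/namespaces",
                 "jmesPath": "items[?metadata.name == '{{request.namespace}}']"}}],
             "validate": {"message": "denied", "deny": {}}}]}},
        {"apiVersion": "kyverno.io/v1", "kind": "Policy",
         "metadata": {"name": "lookup", "namespace": "default"},
         "spec": {"rules": [{
             "name": "variable-path",
             "match": {"any": [{"resources": {"kinds": ["ConfigMap"]}}]},
             "context": [{"name": "target", "apiCall": {
                 "urlPath": "/api/v1/namespaces/{{request.object.metadata.annotations.ns}}/secrets",
                 "jmesPath": "items[].metadata.name"}}],
             "validate": {"message": "denied", "deny": {}}}]}},
    ],
}

if __name__ == "__main__":
    # Swap SAMPLE_POLICIES for load_policies("policies.json") on a real cluster.
    for line in format_findings(find_variable_url_paths(SAMPLE_POLICIES)):
        print(line)
```

A static urlPath is not flagged because the advisory's issue is unvalidated substitution; a ClusterPolicy with a variable urlPath is still reported at "review" severity since it inherits the same service account privileges, even though only cluster-level users can create it.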

Impact

  • Users with policy creation rights in a single namespace can escalate to cluster admin privileges
  • Sensitive data (Secrets, tokens, configurations) can be exfiltrated from any namespace
  • Attackers can disrupt entire clusters by creating malicious ClusterPolicies
  • In multi-tenant environments, one tenant can access data belonging to other tenants

Affected Versions

  • Kyverno 1.16.0 through 1.16.2
  • Kyverno 1.15.2 and all earlier releases

Fixed Versions

  • Kyverno 1.16.3
  • Kyverno 1.15.3

Additional Vulnerability

The update also addresses CVE-2026-23881, a high-severity Denial of Service vulnerability affecting the same versions.

Assess Your Exposure

Run this command to see what the Kyverno admission controller's service account is allowed to do in your cluster; a malicious policy's apiCall inherits exactly these permissions:

```bash
kubectl auth can-i --as=system:serviceaccount:kyverno:kyverno-admission-controller --list
```

The namespace and service account name above match a default Helm installation; adjust them if Kyverno runs elsewhere in your cluster.

Recommendations

  1. Upgrade to Kyverno 1.16.3 or 1.15.3 immediately
  2. Audit who has policy creation permissions in your clusters
  3. Review existing policies (both Policy and ClusterPolicy) for apiCall context entries whose urlPath contains variable substitution ({{ ... }})
  4. Monitor for unexpected ClusterPolicy creation, and for Policy objects created by users who are not platform administrators
  5. Consider restricting policy creation rights to trusted administrators only
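Recommendation 2 is an RBAC question: which subjects can create policies.kyverno.io in any namespace. The audit below is an added example, not Kyverno project code. It consumes the JSON from `kubectl get roles,rolebindings,clusterroles,clusterrolebindings -A -o json` (a constructed sample is embedded so it runs offline), resolves each binding to its role, and lists subjects whose role grants `create` on Kyverno's `policies` or `clusterpolicies` resources, or a wildcard that covers them. It handles the case practitioners most often miss: a RoleBinding that references a ClusterRole grants that ClusterRole's rules only inside the binding's namespace.

```python
"""Find RBAC subjects that can create Kyverno policies.
Added example for this advisory, not Kyverno project code."""
import json

# Kyverno's namespaced kind Policy is resource "policies" and ClusterPolicy is
# "clusterpolicies", both in API group kyverno.io; a wildcard covers both.
POLICY_RESOURCES = {"policies", "clusterpolicies", "*"}


def rule_grants_policy_create(rule):
    """True if one RBAC rule allows 'create' on Kyverno policy resources."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    return (
        bool(groups & {"kyverno.io", "*"})
        and bool(resources & POLICY_RESOURCES)
        and bool(verbs & {"create", "*"})
    )


def index_roles(items):
    """Map (kind, namespace, name) -> whether that role grants policy creation."""
    granting = {}
    for obj in items:
        if obj.get("kind") in ("Role", "ClusterRole"):
            meta = obj["metadata"]
            key = (obj["kind"], meta.get("namespace"), meta["name"])
            granting[key] = any(rule_grants_policy_create(r) for r in obj.get("rules", []))
    return granting


def find_policy_creators(rbac_list):
    """Return subjects that can create Kyverno policies and where."""
    items = rbac_list.get("items", [])
    granting = index_roles(items)
    findings = []
    for obj in items:
        kind = obj.get("kind")
        if kind not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        meta = obj["metadata"]
        ref = obj.get("roleRef", {})
        # A RoleBinding may reference a ClusterRole, but then grants it only
        # inside the binding's own namespace.
        if ref.get("kind") == "ClusterRole":
            role_key = ("ClusterRole", None, ref.get("name"))
        else:
            role_key = ("Role", meta.get("namespace"), ref.get("name"))
        if not granting.get(role_key):
            continue
        scope = meta["namespace"] if kind == "RoleBinding" else "*"
        for subj in obj.get("subjects", []):
            subject = f"{subj.get('kind')}:{subj.get('name')}"
            if subj.get("namespace"):  # ServiceAccount subjects carry a namespace
                subject = f"{subj['kind']}:{subj['namespace']}:{subj['name']}"
            findings.append({"subject": subject, "scope": scope,
                             "binding": f"{kind}/{meta['name']}",
                             "role": f"{role_key[0]}/{role_key[2]}"})
    return findings


def load_rbac(path):
    """Load `kubectl get roles,rolebindings,clusterroles,clusterrolebindings -A -o json`."""
    with open(path) as fh:
        return json.load(fh)


# Constructed sample: an admin group, a CI service account that can create
# policies in team-a, and a team-b group that can only read ConfigMaps.
SAMPLE_RBAC = {
    "kind": "List",
    "items": [
        {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "kyverno-policy-editor"},
         "rules": [{"apiGroups": ["kyverno.io"], "resources": ["policies"],
                    "verbs": ["get", "list", "create", "update", "delete"]}]},
        {"kind": "Role", "metadata": {"name": "cm-reader", "namespace": "team-b"},
         "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "platform-admins"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "Group", "name": "platform-admins"}]},
        {"kind": "RoleBinding", "metadata": {"name": "policy-editors", "namespace": "team-a"},
         "roleRef": {"kind": "ClusterRole", "name": "kyverno-policy-editor"},
         "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "team-a"}]},
        {"kind": "RoleBinding", "metadata": {"name": "cm-readers", "namespace": "team-b"},
         "roleRef": {"kind": "Role", "name": "cm-reader"},
         "subjects": [{"kind": "Group", "name": "team-b-devs"}]},
    ],
}

if __name__ == "__main__":
    # Swap SAMPLE_RBAC for load_rbac("rbac.json") on a real cluster.
    for f in find_policy_creators(SAMPLE_RBAC):
        print(f"{f['subject']} can create Kyverno policies in {f['scope']} "
              f"via {f['binding']} -> {f['role']}")
```

On the sample this reports the platform-admins group cluster-wide and the team-a CI service account in team-a only; every subject it lists outside your administrator set is someone who could have exploited this flaw before the upgrade. Aggregated ClusterRoles are resolved by the API server at runtime, so export the aggregated rules as shown (via `kubectl get ... -o json`) rather than the aggregation labels alone.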
