github.com/kyverno/kyverno v1.12.0-rc.1 |… | Sonatype Guide
Published: Mar 8, 2024
golang Registry
Developer Trust Score: N/A
Versions: 258
Vulnerabilities: 11
Dependencies: 0
CVE-2026-22039
CVSS Score: 9.9
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPath` is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with permission to create a namespaced Policy can cause Kyverno to perform Kubernetes API requests using Kyverno’s admission controller identity, targeting any API path allowed by that ServiceAccount’s RBAC. This breaks namespace isolation by enabling cross-namespace reads (for example, ConfigMaps and, where permitted, Secrets) and allows cluster-scoped or cross-namespace writes (for example, creating ClusterPolicies) by controlling the urlPath through context variable substitution. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.
Status: affected
Severity: Critical
Published: Jan 28, 2026

sonatype-2026-000034
CVSS Score: 9.1
github.com/kyverno/kyverno - Improper Access Control
Status: affected
Severity: Critical
Published: Jan 7, 2026