CVE-2026-22039 – Kyverno
CVSS 9.9
CRITICAL
“A single gap in policy enforcement can open the door to total cluster compromise.”
Kyverno has released a critical security patch addressing CVE-2026-22039, a severe vulnerability impacting its policy enforcement mechanisms. This issue could allow attackers to bypass admission controls, undermining Kubernetes security policies and exposing clusters to unauthorized workloads or configuration changes. The CVSS score is 10.0, which is Critical severity.
Proof-of-concept code is publicly available, confirming that exploitation is feasible. This significantly raises the risk for organizations relying on Kyverno for policy governance, as attackers can weaponize this weakness to evade controls and deploy malicious resources.
Key Details
- Affected Product
- Kyverno Kyverno
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-269
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.