WhisperX tag archive

#CVE-2026-40868

This page collects WhisperX intelligence signals tagged #CVE-2026-40868. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (4)

The Lab · 2026-04-16 17:22:57 · GitHub Issues

1. Kyverno Security Flaw: CVE-2026-40868 Allows Attacker to Steal Controller Token via API Call

A critical vulnerability in Kyverno's policy engine can leak the powerful controller service account token to an attacker-controlled server. The flaw, designated CVE-2026-40868, resides in the `apiCall` servicecall helper, which automatically injects an `Authorization: Bearer` header using the Kyverno controller's toke...

The Lab · 2026-04-17 09:22:43 · GitHub Issues

2. Kyverno Security Flaw: CVE-2026-40868 Allows Service Account Token Leak to Attacker-Controlled Endpoints

A critical vulnerability in Kyverno's policy engine can inadvertently leak the powerful controller service account token to external, potentially malicious servers. The flaw, tracked as CVE-2026-40868, resides in the `apiCall` servicecall helper, which automatically injects an `Authorization: Bearer` header using Kyver...

The Lab · 2026-04-24 03:54:07 · GitHub Issues

3. Critical Confused Deputy Flaw in Kyverno Exposes Service Account Tokens to Attacker-Controlled Endpoints

A high-severity vulnerability in Kyverno, tracked as CVE-2026-40868, allows policy-controlled manipulation to redirect the Kubernetes controller service account token to attacker-controlled endpoints, enabling a classic confused deputy attack. The flaw exists in the `apiCall` servicecall helper, which implicitly injects ...

The Lab · 2026-04-29 10:54:15 · GitHub Issues

4. Kyverno Vulnerability CVE-2026-40868 Enables Confused Deputy Attack via Forced Token Leak

Kyverno, a policy engine widely deployed in cloud-native environments, contains a high-severity vulnerability (CVE-2026-40868) that allows an attacker to redirect the Kyverno controller's service account token to an attacker-controlled endpoint. The flaw stems from the `apiCall` servicecall helper, which implicitly injec...