The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-22039

CVE-2026-22039: Kyverno Auth Bypass Vulnerability

CVE-2026-22039 is an authorization bypass flaw in Kyverno that allows authenticated users to break namespace isolation and perform unauthorized API requests. This article covers technical details, affected versions, and patches.

Published: January 30, 2026

CVE-2026-22039 Overview

CVE-2026-22039 is a critical authorization boundary bypass vulnerability in Kyverno, a policy engine designed for cloud native platform engineering teams. This vulnerability affects versions prior to 1.16.3 and 1.15.3, allowing authenticated users with permission to create namespaced Policies to exploit Kyverno's admission controller ServiceAccount to perform unauthorized Kubernetes API requests across namespace boundaries.

Critical Impact

This vulnerability enables cross-namespace reads of sensitive resources (ConfigMaps, Secrets) and allows cluster-scoped or cross-namespace writes (including creating ClusterPolicies) by manipulating the urlPath through context variable substitution.

Affected Products

  • Kyverno versions prior to 1.16.3
  • Kyverno versions prior to 1.15.3
  • Kubernetes environments running vulnerable Kyverno deployments

Discovery Timeline

  • 2026-01-27 - CVE CVE-2026-22039 published to NVD
  • 2026-01-29 - Last updated in NVD database

Technical Details for CVE-2026-22039

Vulnerability Analysis

This authorization bypass vulnerability (CWE-269: Improper Privilege Management) exists in the namespaced Kyverno Policy apiCall functionality. The core issue stems from the resolved urlPath being executed using the Kyverno admission controller's ServiceAccount credentials without enforcing that requests remain scoped to the policy's namespace.

When a namespaced Policy executes an apiCall, Kyverno processes the request using its admission controller identity, which typically has elevated RBAC permissions across the cluster. The vulnerability allows an attacker to manipulate the urlPath through context variable substitution, effectively hijacking Kyverno's privileged service account to access resources outside the intended namespace scope.

This breaks fundamental Kubernetes namespace isolation principles, enabling:

  • Cross-namespace read access to ConfigMaps and potentially Secrets
  • Cluster-scoped resource manipulation
  • Creation of ClusterPolicies from namespaced policy contexts
  • Horizontal privilege escalation across namespace boundaries

Root Cause

The root cause is the lack of authorization boundary enforcement on the urlPath parameter within namespaced Policy apiCall operations. The Kyverno admission controller does not validate that the resolved API path targets resources within the policy's own namespace, allowing authenticated users to craft policies that access arbitrary API endpoints permitted by Kyverno's ServiceAccount RBAC configuration.

Attack Vector

The attack is network-based and requires low privileges—specifically, any authenticated user with permission to create namespaced Policies can exploit this vulnerability. The attacker crafts a malicious Policy definition with a carefully constructed urlPath using context variable substitution to target resources outside the policy's namespace. When Kyverno processes this policy, it executes the API call using its admission controller ServiceAccount, which typically has broad cluster access.

For example, an attacker in namespace "user-ns" could create a Policy with an apiCall that reads Secrets from "kube-system" or creates ClusterPolicies—operations that should be restricted to cluster administrators.

Detection Methods for CVE-2026-22039

Indicators of Compromise

  • Unexpected apiCall patterns in Kyverno Policy definitions targeting cross-namespace resources
  • Anomalous Kubernetes API audit logs showing Kyverno ServiceAccount accessing resources outside expected namespaces
  • Creation of ClusterPolicies or cluster-scoped resources initiated from namespaced Policy contexts
  • Unusual read operations against Secrets or ConfigMaps in privileged namespaces (e.g., kube-system, kyverno)

Detection Strategies

  • Enable Kubernetes audit logging and monitor for Kyverno ServiceAccount API calls that cross namespace boundaries
  • Implement admission webhooks or OPA policies to validate urlPath patterns in Kyverno Policy definitions before creation
  • Review existing namespaced Policies for suspicious apiCall configurations with variable substitution in urlPath
  • Monitor for newly created ClusterPolicies and correlate with namespaced Policy activity

Monitoring Recommendations

  • Configure alerts for Kyverno admission controller ServiceAccount activities outside designated namespaces
  • Implement runtime monitoring for Policy resource creation events with apiCall rules
  • Review RBAC permissions assigned to Kyverno's ServiceAccount and consider applying principle of least privilege
  • Enable SentinelOne Kubernetes monitoring for anomalous workload behavior and API access patterns

How to Mitigate CVE-2026-22039

Immediate Actions Required

  • Upgrade Kyverno to version 1.16.3 or 1.15.3 immediately to patch the vulnerability
  • Audit existing namespaced Policies for potentially malicious apiCall configurations
  • Review Kubernetes audit logs for evidence of exploitation attempts
  • Restrict Policy creation permissions to trusted administrators only until patches are applied

Patch Information

The Kyverno maintainers have released patched versions 1.16.3 and 1.15.3 that address this vulnerability. The fix implements proper authorization boundary enforcement for apiCall operations within namespaced Policies.

Relevant commits:

  • GitHub Commit e0ba4de
  • GitHub Commit eba60fa

For additional details, refer to the GitHub Security Advisory GHSA-8p9x-46gm-qfx2.

Workarounds

  • Temporarily restrict RBAC permissions for creating namespaced Policy resources to cluster administrators only
  • Limit Kyverno's admission controller ServiceAccount RBAC to reduce the scope of potential exploitation
  • Implement admission control to block Policies containing apiCall rules until patches are applied
  • Consider network policies to restrict Kyverno's API server communication if immediate patching is not feasible
bash
# Verify Kyverno version after upgrade
kubectl get deployment -n kyverno kyverno-admission-controller -o jsonpath='{.spec.template.spec.containers[0].image}'

# Audit existing policies for apiCall usage
kubectl get policy --all-namespaces -o json | jq '.items[] | select(.spec.rules[].context[].apiCall != null) | {namespace: .metadata.namespace, name: .metadata.name}'

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeAuth Bypass
  • Vendor/TechKyverno
  • SeverityCRITICAL
  • CVSS Score9.9
  • EPSS Probability0.04%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-269
  • Technical References
  • GitHub Commit e0ba4de
  • GitHub Commit eba60fa
  • GitHub Security Advisory GHSA-8p9x-46gm-qfx2
  • Related CVEs
  • CVE-2026-4789: Kyverno SSRF Vulnerability
  • CVE-2026-23881: Kyverno Policy Engine DoS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English