CVE

CVE-2026-23881

Kyverno Denial of Service via Context Variable Amplification in Policy Engine

CVE

CVE-2026-23881

Kyverno Denial of Service via Context Variable Amplification in Policy Engine

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially amplify string data through context variables. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.7

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23881.json, https://github.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026bf3b850f, https://github.com/kyverno/kyverno/commit/f5617f60920568a301740485472bf704892175b7, https://github.com/kyverno/kyverno/security/advisories/GHSA-r2rj-wwm5-x6mq, https://nvd.nist.gov/vuln/detail/CVE-2026-23881

Severity

7.7

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.7

EPSS Probability

0.00053%

EPSS Percentile

0.16476%

Introduced Version

0,18f9549cb2af30ec0537cd97f3200228d9f42d4b

Fix Available

13ba08e97c90c058184db9204754b900aeaf084e,188151e6b60b192aabcbc24943c3159e5cfab5da

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-23881

CVE-2026-23881

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.7

Basic Information

Fix Critical Vulnerabilities Instantly