Kyverno Privilege Escalation: RBAC Bypass in Multi-Tenant Clusters

The National Vulnerability Database has disclosed CVE-2026-41068, a high-severity privilege escalation vulnerability in Kyverno, a policy engine for cloud-native platforms. With a CVSS score of 7.7, this flaw allows a namespace administrator to bypass Kubernetes RBAC and read ConfigMaps from any namespace. This is a critical issue for multi-tenant Kubernetes environments.

The vulnerability stems from insufficient validation in Kyverno’s configMap.namespace field within its ConfigMap context loader. While a previous patch (CVE-2026-22039) addressed a similar issue in the apiCall context by validating URLPath, the ConfigMap context was overlooked. This allows an attacker to leverage Kyverno’s privileged service account to achieve a complete RBAC bypass.

For defenders, this means an attacker with namespace admin privileges can escalate to gain unauthorized access to sensitive configurations across the cluster. The National Vulnerability Database confirms a fix is available in Kyverno version 1.17.2. Organizations running Kyverno in multi-tenant Kubernetes clusters must prioritize this update.

What This Means For You

  • If your organization uses Kyverno in a multi-tenant Kubernetes cluster, you need to immediately patch to version 1.17.2 or higher. This vulnerability allows a namespace administrator to read ConfigMaps from *any* namespace, effectively bypassing RBAC and potentially exposing sensitive configurations. Audit your Kyverno deployments and ensure the fix is applied to prevent cross-namespace privilege escalation.
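
One way to carry out that audit, as an added example that is not Kyverno's or this page's own code: the script below walks a policy list shaped like the output of kubectl get policies -A -o json (the sample input is constructed inline) and flags namespaced Policy rules whose ConfigMap context names a namespace other than the policy's own, or a templated namespace that cannot be resolved statically. It assumes the Kyverno v1 Policy layout (spec.rules[].context[].configMap with name and namespace, including contexts nested in foreach blocks) and treats ClusterPolicy objects as out of scope.

```python
"""Audit namespaced Kyverno Policy objects for ConfigMap context entries that point
outside the policy's own namespace (the pattern behind CVE-2026-41068). Added example,
not Kyverno code; input is assumed shaped like `kubectl get policies -A -o json`."""

def _contexts(node):
    """Yield entries of every `context:` list under node (rule level and foreach)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "context" and isinstance(value, list):
                yield from (e for e in value if isinstance(e, dict))
            else:
                yield from _contexts(value)
    elif isinstance(node, list):
        for item in node:
            yield from _contexts(item)

def cross_namespace_configmap_refs(policy_list):
    """Flag rules whose configMap.namespace names another namespace or is a
    template expression that cannot be resolved statically. ClusterPolicy is
    cluster-scoped and skipped; an omitted namespace is not flagged."""
    findings = []
    for policy in policy_list.get("items", []):
        if policy.get("kind") != "Policy":
            continue
        meta = policy.get("metadata", {})
        pol_ns, pol_name = meta.get("namespace"), meta.get("name")
        for rule in policy.get("spec", {}).get("rules", []):
            for ctx in _contexts(rule):
                target = (ctx.get("configMap") or {}).get("namespace")
                if target is None or target == pol_ns:
                    continue
                findings.append({
                    "policy": f"{pol_ns}/{pol_name}", "rule": rule.get("name"),
                    "configMap": ctx["configMap"].get("name"), "target_namespace": target,
                    "reason": "templated" if "{{" in target else "cross-namespace"})
    return findings

# Constructed sample: benign, reaching into kube-system, templated inside foreach, ClusterPolicy.
SAMPLE = {"items": [
    {"kind": "Policy", "metadata": {"name": "ok", "namespace": "tenant-a"}, "spec": {"rules": [
        {"name": "r1", "context": [{"name": "cfg", "configMap": {"name": "app", "namespace": "tenant-a"}}]}]}},
    {"kind": "Policy", "metadata": {"name": "reach", "namespace": "tenant-a"}, "spec": {"rules": [
        {"name": "r1", "context": [{"name": "cfg", "configMap": {"name": "cluster-cfg", "namespace": "kube-system"}}]}]}},
    {"kind": "Policy", "metadata": {"name": "tpl", "namespace": "tenant-b"}, "spec": {"rules": [
        {"name": "r1", "mutate": {"foreach": [{"list": "request.object.spec.containers", "context": [
            {"name": "cfg", "configMap": {"name": "c", "namespace": "{{request.namespace}}"}}]}]}}]}},
    {"kind": "ClusterPolicy", "metadata": {"name": "cp"}, "spec": {"rules": [
        {"name": "r1", "context": [{"name": "cfg", "configMap": {"name": "c", "namespace": "kyverno"}}]}]}},
]}
```

Run against a real export, every finding is a policy to review by hand against the tenant's intended scope; the check inventories cross-namespace references, it does not decide whether Kyverno would honour them on your version.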

Related ATT&CK Techniques

  • T1068 Privilege Escalation (critical): Kyverno RBAC Bypass via ConfigMap Read - CVE-2026-41068


Indicators of Compromise

  ID              Type                  Indicator
  CVE-2026-41068  Privilege Escalation  Kyverno policy engine
  CVE-2026-41068  Auth Bypass           Kyverno ConfigMap context loader with 'configMap.namespace' field
  CVE-2026-41068  Privilege Escalation  Kyverno versions prior to 1.17.2

Source & Attribution

  Source Platform: NVD
  Channel: National Vulnerability Database
  Published: April 24, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
