Vulnerability Description
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially amplify string data through context variables. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kyverno | Kyverno | < 1.15.3 |
Related Weaknesses (CWE)
References
- https://github.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026bf3b85Patch
- https://github.com/kyverno/kyverno/commit/f5617f60920568a301740485472bf704892175Patch
- https://github.com/kyverno/kyverno/security/advisories/GHSA-r2rj-wwm5-x6mqExploitMitigationVendor Advisory
FAQ
What is CVE-2026-23881?
CVE-2026-23881 is a vulnerability with a CVSS score of 7.7 (HIGH). Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with...
How severe is CVE-2026-23881?
CVE-2026-23881 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23881?
Check the references section above for vendor advisories and patch information. Affected products include: Kyverno Kyverno.