CVE Tools
Home/Vulnerability/CVE-2026-41485

CVE-2026-41485

Kyverno Controller Denial of Service via forEach Mutation Panic

Published: Apr 24, 2026Updated: Apr 24, 2026 Sources: CVE List
NVD MITRE
7.7CVSS
HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user with permission to create a `Policy` or `ClusterPolicy` to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and block all matching resource operations. The crash loop persists until the policy is deleted. The vulnerability is confined to the legacy engine, and CEL-based policies are unaffected. Versions 1.17.2 and 1.16.4 fix the issue.

EPSS Score
N/A
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
No Fix Available

CVSS Vector Breakdown

AV:NAC:LPR:LUI:NS:CC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:CScope
Changed
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High

Weaknesses

CWE-617CWE-617: Reachable Assertion

Affected Products

kyverno
kyverno

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

MITRE ATT&CK

1 technique
Impact
View detailed technique mapping

References

https://github.com/kyverno/kyverno/security/advisories/GHSA-fpjq-c37h-cqcv
github.com
https://github.com/kyverno/kyverno/commit/76c8fdbe87328722e099e1fd44c3f21c9f7809cb
github.com
https://github.com/kyverno/kyverno/commit/80e728c2283a0c65e5adb02d8a907106e6ebe7e3
github.com

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-41485 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
AI-powered analysis
Plain-language impact assessment and exploitation scenario
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows