{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cel/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-4789"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["SSRF","kyverno","kubernetes","cel","cloud-security"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA Server-Side Request Forgery (SSRF) vulnerability has been identified in Kyverno\u0026rsquo;s CEL HTTP library (\u003ccode\u003epkg/cel/libs/http/\u003c/code\u003e), affecting versions \u0026gt;= 1.16.0. This flaw allows users with permissions to create namespace-scoped policies to bypass intended restrictions and make arbitrary HTTP requests from the Kyverno admission controller. This can lead to unauthorized access to internal Kubernetes services in other namespaces, cloud metadata endpoints such as 169.254.169.254 (allowing credential theft), and the exfiltration of sensitive data by embedding it in policy error messages. The vulnerability stems from a lack of URL validation in the \u003ccode\u003ehttp.Get()\u003c/code\u003e and \u003ccode\u003ehttp.Post()\u003c/code\u003e functions used within CEL policies, contrasting with the namespace enforcement present in the \u003ccode\u003eresource.Lib\u003c/code\u003e. The reported vulnerability was tested and confirmed on Kyverno v1.16.2 deployed via Helm chart 3.6.2.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains the ability to create NamespacedValidatingPolicy resources within a specific Kubernetes namespace. This could be achieved through compromised credentials, misconfigured RBAC, or other privilege escalation methods.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious NamespacedValidatingPolicy that utilizes the \u003ccode\u003ehttp.Get()\u003c/code\u003e or \u003ccode\u003ehttp.Post()\u003c/code\u003e function within a CEL expression. The crafted policy is applied to the target Kubernetes cluster.\u003c/li\u003e\n\u003cli\u003eThe CEL expression within the policy is designed to make an HTTP request to an internal service (e.g., \u003ccode\u003einternal-api.kube-system.svc.cluster.local\u003c/code\u003e) or a cloud metadata endpoint (\u003ccode\u003e169.254.169.254\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe crafted NamespacedValidatingPolicy is triggered by a specific event, such as the creation of a ConfigMap within the attacker\u0026rsquo;s namespace, which matches the \u003ccode\u003ematchConstraints\u003c/code\u003e defined in the policy.\u003c/li\u003e\n\u003cli\u003eThe Kyverno admission controller executes the CEL expression, making the HTTP request to the specified internal service or cloud metadata endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP response from the internal service or cloud metadata endpoint is captured by the CEL expression.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003emessageExpression\u003c/code\u003e within the NamespacedValidatingPolicy to include the captured data in a validation error message.\u003c/li\u003e\n\u003cli\u003eThe validation error message, containing the exfiltrated data, is returned to the user, effectively leaking sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis SSRF vulnerability allows attackers with limited, namespace-scoped privileges to access sensitive data within a Kubernetes cluster. This includes the ability to access services in other namespaces, potentially compromising sensitive configurations or secrets. Access to cloud metadata endpoints (169.254.169.254) allows the theft of IAM credentials, leading to further escalation of privileges within the cloud environment. Successful exploitation breaks namespace isolation, undermining the security model of Kyverno and Kubernetes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious usage of the \u003ccode\u003ehttp.Get\u003c/code\u003e or \u003ccode\u003ehttp.Post\u003c/code\u003e functions in \u003ccode\u003eNamespacedValidatingPolicy\u003c/code\u003e resources in your SIEM and tune it for your environment.\u003c/li\u003e\n\u003cli\u003eMonitor network connections originating from the Kyverno pods, specifically looking for connections to internal Kubernetes services or cloud metadata endpoints (169.254.169.254), using the \u003ccode\u003enetwork_connection\u003c/code\u003e log source.\u003c/li\u003e\n\u003cli\u003eApply the suggested fix by adding namespace and URL restrictions to \u003ccode\u003epkg/cel/libs/http/http.go\u003c/code\u003e in Kyverno, similar to how \u003ccode\u003eresource.Lib\u003c/code\u003e enforces namespace boundaries as per the advisory.\u003c/li\u003e\n\u003cli\u003eUpgrade Kyverno to a patched version \u0026gt;= 1.17 when available, addressing CVE-2026-4789.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-14T22:37:20Z","date_published":"2026-04-14T22:37:20Z","id":"/briefs/2024-01-08-kyverno-ssrf/","summary":"A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests, enabling unauthorized access to internal services, cloud metadata endpoints, and data exfiltration.","title":"Kyverno SSRF Vulnerability in CEL HTTP Library","url":"https://feed.craftedsignal.io/briefs/2024-01-08-kyverno-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cel","version":"https://jsonfeed.org/version/1.1"}