{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/rbac-bypass/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.9,"id":"CVE-2026-22039"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["kyverno","rbac-bypass","kubernetes","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThis brief addresses a critical vulnerability in Kyverno version 1.17.0 (and earlier) related to cross-namespace ConfigMap access, stemming from an incomplete fix for CVE-2026-22039. While the original CVE addressed privilege escalation in Kyverno\u0026rsquo;s \u003ccode\u003eapiCall\u003c/code\u003e context, the ConfigMap context loader (\u003ccode\u003epkg/engine/context/loaders/configmap.go\u003c/code\u003e) still lacks namespace validation. This allows a namespace administrator to craft a Kyverno policy that reads ConfigMaps from any namespace, effectively bypassing RBAC controls. This vulnerability impacts multi-tenant Kubernetes clusters, particularly those running Azure Kubernetes Service (AKS) or other managed Kubernetes services using Kyverno. Exploitation requires a namespace admin to create a Kyverno Policy resource in their namespace. A successful exploit allows the attacker to exfiltrate sensitive data, such as database credentials and API keys, stored in ConfigMaps across the cluster.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker with namespace admin privileges creates a service account and role binding within their assigned namespace.\u003c/li\u003e\n\u003cli\u003eThe attacker deploys a Kyverno \u003ccode\u003ePolicy\u003c/code\u003e resource within their namespace. This policy is crafted to exploit the vulnerability in the ConfigMap context loader.\u003c/li\u003e\n\u003cli\u003eThe policy specifies \u003ccode\u003econtext.configMap.namespace\u003c/code\u003e to target a ConfigMap in a different, victim namespace. This step leverages the lack of namespace validation in \u003ccode\u003epkg/engine/context/loaders/configmap.go\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe policy includes a \u003ccode\u003emutate\u003c/code\u003e rule designed to extract data from the targeted ConfigMap and embed it into annotations of another ConfigMap within the attacker\u0026rsquo;s namespace.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the policy by creating or modifying a ConfigMap (e.g., \u003ccode\u003etrigger-cm\u003c/code\u003e) in their own namespace. This triggers Kyverno\u0026rsquo;s admission controller.\u003c/li\u003e\n\u003cli\u003eKyverno, running with a privileged service account (cluster-wide \u003ccode\u003eview\u003c/code\u003e role), fetches the ConfigMap from the victim namespace based on the attacker\u0026rsquo;s policy.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emutate\u003c/code\u003e rule in the policy executes, copying the contents of the stolen ConfigMap data into annotations of the trigger ConfigMap.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the modified \u003ccode\u003etrigger-cm\u003c/code\u003e ConfigMap and extracts the exfiltrated secrets from the annotations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a namespace administrator to bypass Kubernetes RBAC and read ConfigMaps from any namespace within the cluster. This can lead to the exfiltration of sensitive data such as database credentials, API keys, and other secrets stored in ConfigMaps. The impact is most severe in multi-tenant environments where namespace isolation is critical for security. This vulnerability affects any Kubernetes cluster running Kyverno v1.17.0 (and earlier) with namespace-scoped Policy creation enabled. A successful attack violates the principle of least privilege and breaks multi-tenancy guarantees.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Kyverno Policy Creating Cross-Namespace ConfigMap Context\u003c/code\u003e to identify potentially malicious policies.\u003c/li\u003e\n\u003cli\u003eApply the namespace validation fix suggested in the advisory to \u003ccode\u003econfigmap.NewConfigMapLoader()\u003c/code\u003e. Specifically, ensure the resolved namespace in the ConfigMap context matches the policy\u0026rsquo;s namespace (\u003ccode\u003epkg/engine/context/loaders/configmap.go\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAudit other Kyverno context loaders (\u003ccode\u003eglobalReference\u003c/code\u003e, \u003ccode\u003eimageRegistry\u003c/code\u003e, \u003ccode\u003evariable\u003c/code\u003e) for similar missing namespace validation patterns.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of Kyverno as soon as it is released. Refer to the Kyverno release notes for the fix version.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T12:00:00Z","date_published":"2026-04-17T12:00:00Z","id":"/briefs/2026-04-kyverno-configmap-rbac-bypass/","summary":"CVE-2026-22039 incompletely fixed a cross-namespace privilege escalation vulnerability in Kyverno's apiCall context, as the ConfigMap context loader still lacks namespace validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account, leading to a complete RBAC bypass in multi-tenant Kubernetes clusters.","title":"Kyverno ConfigMap Cross-Namespace Read RBAC Bypass (CVE-2026-22039 Incomplete Fix)","url":"https://feed.craftedsignal.io/briefs/2026-04-kyverno-configmap-rbac-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Rbac-Bypass","version":"https://jsonfeed.org/version/1.1"}