CVE-2026-23881

Published: Jan 27, 2026

Modified: Jan 27, 2026

PUBLISHED

CVSS v3.1

7.7

HIGH

Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially amplify string data through context variables. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.

Vendor	Product	Versions
kyverno	kyverno	affected `< 1.15.3` affected `>= 1.16.0, < 1.16.3`

Weaknesses (CWE)

CWE-770

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/kyverno/kyverno/security/advisories/GHSA-r2rj-wwm5-x6mq

x_refsource_CONFIRM

https://github.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026bf3b850f

x_refsource_MISC

https://github.com/kyverno/kyverno/commit/f5617f60920568a301740485472bf704892175b7

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23881

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References