CVE-2026-4789: Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access

April 14, 2026

A Server-Side Request Forgery (SSRF) vulnerability in Kyverno’s CEL HTTP library (pkg/cel/libs/http/) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in other namespaces, cloud metadata endpoints (169.254.169.254), and data exfiltration via policy error messages.

References

github.com/advisories/GHSA-rggm-jjmc-3394
github.com/kyverno/kyverno
github.com/kyverno/kyverno/pull/15729
github.com/kyverno/kyverno/security/advisories/GHSA-rggm-jjmc-3394
nvd.nist.gov/vuln/detail/CVE-2026-4789
www.kb.cert.org/vuls/id/655822

Code Behaviors & Features

Detect and mitigate CVE-2026-4789 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →