CVE-2026-23881: Kyverno Denial of Service via Context Variable Amplification in Policy Engine
Unbounded memory consumption in Kyverno’s policy engine allows users with policy creation privileges to cause a Denial of Service by crafting policies that exponentially amplify string data through context variables.
References
- github.com/advisories/GHSA-r2rj-wwm5-x6mq
- github.com/kyverno/kyverno
- github.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026bf3b850f
- github.com/kyverno/kyverno/commit/f5617f60920568a301740485472bf704892175b7
- github.com/kyverno/kyverno/security/advisories/GHSA-r2rj-wwm5-x6mq
- nvd.nist.gov/vuln/detail/CVE-2026-23881