Jan 6, 2026 · 7 min read
Kyverno v1.9.0 through v1.12.7 has a critical logic flaw in how it handles multiple `PolicyException` objects. If an administrator defines a specific exception (e.g., "allow in namespace A") and a broad exception (e.g., "allow pods named *ingress*"), Kyverno combines them with a simple OR: a resource that matches any one exception is excused from the rule. An attacker can therefore deploy a malicious payload in a restricted namespace simply by matching the name pattern of the broad exception, bypassing policies such as `disallow-host-path` and potentially gaining root access to the node.
A logic flaw in Kyverno's policy engine allows attackers to bypass critical security enforcement by exploiting how the system aggregates multiple PolicyException resources. By crafting resources that match broad exception patterns (like names), attackers can evade namespace-specific restrictions.
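To make the aggregation behaviour concrete from the defender's side, the following is an added example (not Kyverno's own code and not part of the original advisory). It models a "specific" and a "broad" `PolicyException` as the advisory describes them, computes which rules a given resource is excused from under OR aggregation, and flags exceptions whose `match` block carries no namespace constraint. The objects are constructed and assume the documented `PolicyException` schema (`spec.exceptions[]` with `policyName`/`ruleNames`, `spec.match.any[]` with `resources.kinds`/`names`/`namespaces`); wildcard matching is approximated with `fnmatch`, which is close to Kyverno's `*`/`?` name patterns but is not its implementation. The hardened object shows the mitigation available in affected versions: scope every name-based exception to the namespaces that need it.

```python
"""Audit Kyverno PolicyException objects for over-broad scoping.

Constructed example, not Kyverno's own code. Assumes the documented
PolicyException schema; wildcard matching is approximated with fnmatch.
"""
from fnmatch import fnmatchcase

# --- constructed sample objects (what the YAML would parse to) -------------
SPECIFIC_EXCEPTION = {
    "apiVersion": "kyverno.io/v2beta1",
    "kind": "PolicyException",
    "metadata": {"name": "allow-hostpath-ns-a", "namespace": "kyverno"},
    "spec": {
        "exceptions": [{"policyName": "disallow-host-path", "ruleNames": ["host-path"]}],
        # Scoped: only Pods in namespace-a are excused.
        "match": {"any": [{"resources": {"kinds": ["Pod"], "namespaces": ["namespace-a"]}}]},
    },
}

BROAD_EXCEPTION = {
    "apiVersion": "kyverno.io/v2beta1",
    "kind": "PolicyException",
    "metadata": {"name": "allow-hostpath-ingress", "namespace": "kyverno"},
    "spec": {
        "exceptions": [{"policyName": "disallow-host-path", "ruleNames": ["host-path"]}],
        # Weak: matches by name pattern only, in ANY namespace.
        "match": {"any": [{"resources": {"kinds": ["Pod"], "names": ["*ingress*"]}}]},
    },
}

HARDENED_BROAD_EXCEPTION = {
    **BROAD_EXCEPTION,
    "spec": {
        "exceptions": BROAD_EXCEPTION["spec"]["exceptions"],
        # Corrected: same name pattern, but pinned to the namespace that needs it.
        "match": {"any": [{"resources": {"kinds": ["Pod"], "names": ["*ingress*"],
                                         "namespaces": ["ingress-system"]}}]},
    },
}


def _any_glob(patterns, value):
    """An absent/empty selector is unconstrained (matches everything)."""
    return not patterns or any(fnmatchcase(value, p) for p in patterns)


def block_matches(block, resource):
    """One entry of spec.match.any: all present selectors must match."""
    res = block.get("resources", {})
    return (_any_glob(res.get("kinds"), resource["kind"])
            and _any_glob(res.get("names"), resource["name"])
            and _any_glob(res.get("namespaces"), resource["namespace"]))


def exception_matches(exc, resource):
    """spec.match.any semantics: any one block matching is enough."""
    return any(block_matches(b, resource) for b in exc["spec"]["match"].get("any", []))


def excused_rules(exceptions, resource):
    """(policyName, ruleName) pairs skipped for `resource`.

    This is the union over ALL matching exceptions: the OR aggregation the
    advisory describes, so one over-broad exception excuses the resource
    regardless of how tightly the others are scoped.
    """
    skipped = set()
    for exc in exceptions:
        if exception_matches(exc, resource):
            for e in exc["spec"]["exceptions"]:
                for rule in e.get("ruleNames", []):
                    skipped.add((e["policyName"], rule))
    return skipped


def find_overbroad(exceptions):
    """Names of exceptions with a match block that has no namespace constraint."""
    return [
        exc["metadata"]["name"]
        for exc in exceptions
        if any(not b.get("resources", {}).get("namespaces")
               for b in exc["spec"]["match"].get("any", []))
    ]


if __name__ == "__main__":
    # A Pod in a namespace the specific exception never mentioned.
    pod = {"kind": "Pod", "name": "app-ingress-proxy", "namespace": "restricted"}
    print("over-broad:", find_overbroad([SPECIFIC_EXCEPTION, BROAD_EXCEPTION]))
    print("excused (weak):", excused_rules([SPECIFIC_EXCEPTION, BROAD_EXCEPTION], pod))
    print("excused (hardened):", excused_rules([SPECIFIC_EXCEPTION, HARDENED_BROAD_EXCEPTION], pod))
```

Run against real objects by feeding the script the output of `kubectl get policyexceptions -A -o json` (the `items` list has the same shape): any name reported by `find_overbroad` is an exception that applies cluster-wide and should be pinned to explicit `namespaces` until the cluster is on 1.13.0 or later.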
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

| Product | Affected Versions | Fixed Version |
|---|---|---|
| Kyverno | >= 1.9.0, <= 1.12.7 | 1.13.0 |
| Attribute | Detail |
|---|---|
| Severity | Critical (9.0) |
| Attack Vector | Network (Kubernetes API) |
| Bug Class | Logic Error / Improper Policy Composition |
| Affected Versions | v1.9.0 - v1.12.7 |
| Privileges Required | Low (Create Pods) |
| Status | Patched |
The product does not correctly calculate or handle the union of multiple permission/exception sets, leading to unintended access.