CVE-2026-23881 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23881 PUBLISHED

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially amplify string data through context variables. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.

EPSS 0.05% · 16.7th percentile

Risk Scores

EPSS Score

0.05%

16.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	kyverno	0, 1.16.0
Bitnami	kyverno	0, 1.16.0

Timeline

Jan 27, 2026 CVE Published
Jan 27, 2026 PoC Published
Jan 28, 2026 EPSS Score
Jan 29, 2026 CVE Updated
Jan 30, 2026 EPSS Score
Jan 30, 2026 Security Advisory
Feb 1, 2026 EPSS Score
Feb 3, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 11, 2026 EPSS Score

References

Open in Interactive Console →