High severity · OSV Advisory · Published Jan 27, 2026 · Updated Jan 27, 2026

Kyverno Denial of Service via Context Variable Amplification in Policy Engine

CVE-2026-23881

Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in the policy engine, which allows users with policy creation privileges to cause a denial of service by crafting policies that exponentially amplify string data through context variables. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.


Affected packages

Versions sourced from the GitHub Security Advisory.

Package                          | Affected versions         | Patched versions
github.com/kyverno/kyverno (Go)  | < 1.15.3                  | 1.15.3
github.com/kyverno/kyverno (Go)  | >= 1.16.0-rc.1, < 1.16.3  | 1.16.3
