CVE-2026-4789
published 2026-03-30

CVE-2026-4789: Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.

Priority: P3 (54)
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.70% (48.7th percentile)

Affected

4 ranges
Vendor      Product          Version range        Fixed in
github.com  kyverno_kyverno  >= 1.16.0 < 1.17.0   1.17.0
github.com  kyverno_kyverno  1.16.0 – 1.17.1
kyverno     kyverno
kyverno     kyverno          1.16.0 – 1.17.1