Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0887

NIXPKGS-2026-0887

GitHub issue published 2 months, 3 weeks ago

Permalink CVE-2026-4789

updated 2 months, 3 weeks ago by @mweinelt Activity log

Created suggestion 2 months, 3 weeks ago
@mweinelt ignored package kyverno-chainsaw 2 months, 3 weeks ago
@mweinelt accepted 2 months, 3 weeks ago
@mweinelt published on GitHub 2 months, 3 weeks ago

CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.

References

Affected products

Kyverno

==1.16.0

Matching in nixpkgs

pkgs.kyverno

Kubernetes Native Policy Management

nixos-unstable 1.16.2
- nixpkgs-unstable 1.16.2
- nixos-unstable-small 1.16.2

Ignored packages (1)

pkgs.kyverno-chainsaw

Declarative approach to test Kubernetes operators and controllers

nixos-unstable 0.2.14
- nixpkgs-unstable 0.2.14
- nixos-unstable-small 0.2.14

https://github.com/kyverno/kyverno/pull/15729