Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0887

NIXPKGS-2026-0887

GitHub issue published on

Permalink CVE-2026-4789

updated 1 month ago by @mweinelt Activity log

Created suggestion 1 month ago
@mweinelt ignored package kyverno-chainsaw 1 month ago
@mweinelt accepted 1 month ago
@mweinelt published on GitHub 1 month ago

CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.

References

Affected products

Kyverno

==1.16.0

Matching in nixpkgs

pkgs.kyverno

Kubernetes Native Policy Management

nixos-unstable 1.16.2
- nixpkgs-unstable 1.16.2
- nixos-unstable-small 1.16.2
nixos-25.11 1.15.2
- nixos-25.11-small 1.15.2
- nixpkgs-25.11-darwin 1.15.2

Ignored packages (1)

pkgs.kyverno-chainsaw

Declarative approach to test Kubernetes operators and controllers

nixos-unstable 0.2.14
- nixpkgs-unstable 0.2.14
- nixos-unstable-small 0.2.14
nixos-25.11 0.2.13
- nixos-25.11-small 0.2.13
- nixpkgs-25.11-darwin 0.2.13

Package maintainers

@bryanasdev000 Bryan Albuquerque <bryanasdev000@gmail.com>

https://github.com/kyverno/kyverno/pull/15729