CVE-2026-26056

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-26056

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26056.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-26056

Aliases

Downstream

SUSE-SU-2026:0757-1

Related

SUSE-SU-2026:0757-1

Published

2026-02-12T21:11:13.408Z

Modified

2026-03-04T22:29:06.019442Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Details

Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a malicious URL through the overrides.yoke.cd/flight annotation. The ATC controller downloads and executes the WASM module without proper URL validation, enabling attackers to create arbitrary Kubernetes resources or potentially escalate privileges to cluster-admin level.

Database specific

{
    "cwe_ids": [
        "CWE-94"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26056.json"
}

References

Affected packages

Git / github.com/yokecd/yoke

Affected ranges

Type

GIT

Repo

https://github.com/yokecd/yoke

Events

Introduced

Fixed

f97305640524f75df4f658be45edca0b0196beb7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.19.0"
        }
    ]
}

Affected versions

atc-installer/v0.*

atc-installer/v0.0.1

atc-installer/v0.0.2

atc-installer/v0.1.0

atc-installer/v0.10.0

atc-installer/v0.10.1

atc-installer/v0.10.2

atc-installer/v0.10.3

atc-installer/v0.11.0

atc-installer/v0.11.1

atc-installer/v0.11.2

atc-installer/v0.11.3

atc-installer/v0.11.4

atc-installer/v0.11.5

atc-installer/v0.11.6

atc-installer/v0.11.7

atc-installer/v0.11.8

atc-installer/v0.12.0

atc-installer/v0.12.1

atc-installer/v0.12.2

atc-installer/v0.12.3

atc-installer/v0.13.0

atc-installer/v0.13.1

atc-installer/v0.13.2

atc-installer/v0.13.3

atc-installer/v0.14.0

atc-installer/v0.14.1

atc-installer/v0.14.2

atc-installer/v0.14.3

atc-installer/v0.14.4

atc-installer/v0.14.5

atc-installer/v0.14.6

atc-installer/v0.15.0

atc-installer/v0.15.1

atc-installer/v0.16.0

atc-installer/v0.16.1

atc-installer/v0.17.0

atc-installer/v0.17.1

atc-installer/v0.17.2

atc-installer/v0.17.3

atc-installer/v0.17.4

atc-installer/v0.2.0

atc-installer/v0.3.0

atc-installer/v0.3.1

atc-installer/v0.4.0

atc-installer/v0.4.1

atc-installer/v0.5.0

atc-installer/v0.5.1

atc-installer/v0.5.2

atc-installer/v0.5.3

atc-installer/v0.5.4

atc-installer/v0.6.0

atc-installer/v0.6.1

atc-installer/v0.6.2

atc-installer/v0.7.0

atc-installer/v0.7.1

atc-installer/v0.8.0

atc-installer/v0.8.1

atc-installer/v0.9.0

atc-installer/v0.9.1

atc-installer/v0.9.2

atc-installer/v0.9.3

atc/v0.*

atc/v0.0.1

atc/v0.0.2

atc/v0.1.0

atc/v0.1.1

atc/v0.1.2

atc/v0.10.0

atc/v0.10.1

atc/v0.10.2

atc/v0.10.3

atc/v0.10.4

atc/v0.10.5

atc/v0.10.6

atc/v0.11.0

atc/v0.11.1

atc/v0.11.2

atc/v0.11.3

atc/v0.11.4

atc/v0.11.5

atc/v0.11.6

atc/v0.11.7

atc/v0.11.8

atc/v0.12.0

atc/v0.12.1

atc/v0.12.2

atc/v0.12.3

atc/v0.12.4

atc/v0.12.5

atc/v0.13.0

atc/v0.13.1

atc/v0.13.2

atc/v0.13.3

atc/v0.13.4

atc/v0.13.5

atc/v0.14.0

atc/v0.15.0

atc/v0.15.1

atc/v0.15.10

atc/v0.15.11

atc/v0.15.12

atc/v0.15.2

atc/v0.15.3

atc/v0.15.4

atc/v0.15.5

atc/v0.15.6

atc/v0.15.7

atc/v0.15.8

atc/v0.15.9

atc/v0.16.0

atc/v0.16.1

atc/v0.16.2

atc/v0.16.3

atc/v0.16.4

atc/v0.17.0

atc/v0.17.1

atc/v0.17.2

atc/v0.17.3

atc/v0.17.4

atc/v0.17.5

atc/v0.18.0

atc/v0.18.1

atc/v0.18.2

atc/v0.18.3

atc/v0.18.4

atc/v0.18.5

atc/v0.18.6

atc/v0.18.7

atc/v0.18.8

atc/v0.2.0

atc/v0.2.1

atc/v0.3.0

atc/v0.3.1

atc/v0.3.2

atc/v0.3.3

atc/v0.4.0

atc/v0.4.1

atc/v0.4.2

atc/v0.5.0

atc/v0.5.1

atc/v0.5.2

atc/v0.5.3

atc/v0.5.4

atc/v0.5.5

atc/v0.5.6

atc/v0.5.7

atc/v0.6.0

atc/v0.6.1

atc/v0.6.2

atc/v0.6.3

atc/v0.6.4

atc/v0.7.0

atc/v0.7.1

atc/v0.7.2

atc/v0.8.0

atc/v0.8.1

atc/v0.8.2

atc/v0.9.0

atc/v0.9.1

atc/v0.9.2

atc/v0.9.3

atc/v0.9.4

atc/v0.9.5

atc/v0.9.6

atc/v0.9.7

atc/v0.9.8

atc/v0.9.9

v0.*

v0.0.0-alpha1

v0.0.0-alpha10

v0.0.0-alpha11

v0.0.0-alpha12

v0.0.0-alpha13

v0.0.0-alpha14

v0.0.0-alpha15

v0.0.0-alpha16

v0.0.0-alpha17

v0.0.0-alpha2

v0.0.0-alpha3

v0.0.0-alpha4

v0.0.0-alpha5

v0.0.0-alpha6

v0.0.0-alpha7

v0.0.0-alpha8

v0.0.0-alpha9

v0.0.0-beta1

v0.0.0-beta2

v0.0.0-beta3

v0.0.1

v0.0.10

v0.0.11

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.10.0

v0.10.1

v0.10.10

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.7

v0.10.8

v0.10.9

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.11.4

v0.11.5

v0.11.6

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.12.5

v0.12.6

v0.12.7

v0.12.8

v0.12.9

v0.13.0

v0.13.1

v0.13.2

v0.13.3

v0.13.4

v0.13.5

v0.14.0

v0.14.1

v0.14.2

v0.14.3

v0.14.4

v0.15.0

v0.16.0

v0.16.1

v0.16.10

v0.16.11

v0.16.2

v0.16.3

v0.16.4

v0.16.5

v0.16.6

v0.16.7

v0.16.8

v0.16.9

v0.17.0

v0.17.1

v0.17.2

v0.17.3

v0.17.4

v0.18.0

v0.18.1

v0.18.2

v0.18.3

v0.18.4

v0.19.0

v0.19.1

v0.19.2

v0.19.3

v0.19.4

v0.19.5

v0.19.6

v0.19.7

v0.19.8

v0.19.9

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.0

v0.8.1

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v0.9.3

yokecd-installer/v0.*

yokecd-installer/v0.0.0-20241004031222

yokecd-installer/v0.0.0-20241704012137

yokecd-installer/v0.0.1

yokecd-installer/v0.0.10

yokecd-installer/v0.0.2

yokecd-installer/v0.0.3

yokecd-installer/v0.0.4

yokecd-installer/v0.0.5

yokecd-installer/v0.0.6

yokecd-installer/v0.0.7

yokecd-installer/v0.0.8

yokecd-installer/v0.0.9

yokecd-installer/v0.1.0

yokecd-installer/v0.10.0

yokecd-installer/v0.10.1

yokecd-installer/v0.10.2

yokecd-installer/v0.10.3

yokecd-installer/v0.11.0

yokecd-installer/v0.11.1

yokecd-installer/v0.11.2

yokecd-installer/v0.11.3

yokecd-installer/v0.11.4

yokecd-installer/v0.11.5

yokecd-installer/v0.11.6

yokecd-installer/v0.11.7

yokecd-installer/v0.12.0

yokecd-installer/v0.12.1

yokecd-installer/v0.12.2

yokecd-installer/v0.12.3

yokecd-installer/v0.13.0

yokecd-installer/v0.13.1

yokecd-installer/v0.13.2

yokecd-installer/v0.13.3

yokecd-installer/v0.14.0

yokecd-installer/v0.14.1

yokecd-installer/v0.14.2

yokecd-installer/v0.14.3

yokecd-installer/v0.14.4

yokecd-installer/v0.15.0

yokecd-installer/v0.15.1

yokecd-installer/v0.15.2

yokecd-installer/v0.15.3

yokecd-installer/v0.15.4

yokecd-installer/v0.15.5

yokecd-installer/v0.16.0

yokecd-installer/v0.16.1

yokecd-installer/v0.16.2

yokecd-installer/v0.16.3

yokecd-installer/v0.17.0

yokecd-installer/v0.17.1

yokecd-installer/v0.18.0

yokecd-installer/v0.18.1

yokecd-installer/v0.18.2

yokecd-installer/v0.18.3

yokecd-installer/v0.18.4

yokecd-installer/v0.2.0

yokecd-installer/v0.3.0

yokecd-installer/v0.3.1

yokecd-installer/v0.4.0

yokecd-installer/v0.5.0

yokecd-installer/v0.5.1

yokecd-installer/v0.5.2

yokecd-installer/v0.5.3

yokecd-installer/v0.5.4

yokecd-installer/v0.6.0

yokecd-installer/v0.6.1

yokecd-installer/v0.7.0

yokecd-installer/v0.7.1

yokecd-installer/v0.7.2

yokecd-installer/v0.8.0

yokecd-installer/v0.8.1

yokecd-installer/v0.9.0

yokecd-installer/v0.9.1

yokecd/v0.*

yokecd/v0.0.2

yokecd/v0.0.3

yokecd/v0.0.4

yokecd/v0.1.0

yokecd/v0.1.1

yokecd/v0.10.0

yokecd/v0.10.1

yokecd/v0.10.2

yokecd/v0.10.3

yokecd/v0.10.4

yokecd/v0.11.0

yokecd/v0.11.1

yokecd/v0.11.2

yokecd/v0.11.3

yokecd/v0.11.4

yokecd/v0.11.5

yokecd/v0.11.6

yokecd/v0.11.7

yokecd/v0.11.8

yokecd/v0.12.0

yokecd/v0.12.1

yokecd/v0.12.2

yokecd/v0.12.3

yokecd/v0.12.4

yokecd/v0.13.0

yokecd/v0.13.1

yokecd/v0.13.2

yokecd/v0.13.3

yokecd/v0.13.4

yokecd/v0.14.0

yokecd/v0.14.1

yokecd/v0.14.2

yokecd/v0.15.0

yokecd/v0.15.1

yokecd/v0.15.2

yokecd/v0.15.3

yokecd/v0.15.4

yokecd/v0.15.5

yokecd/v0.15.6

yokecd/v0.15.7

yokecd/v0.15.8

yokecd/v0.15.9

yokecd/v0.16.0

yokecd/v0.16.1

yokecd/v0.16.2

yokecd/v0.16.3

yokecd/v0.16.4

yokecd/v0.16.5

yokecd/v0.17.0

yokecd/v0.17.1

yokecd/v0.18.0

yokecd/v0.18.1

yokecd/v0.18.2

yokecd/v0.18.3

yokecd/v0.18.4

yokecd/v0.18.5

yokecd/v0.18.6

yokecd/v0.18.7

yokecd/v0.2.0

yokecd/v0.2.1

yokecd/v0.3.0

yokecd/v0.3.1

yokecd/v0.3.2

yokecd/v0.4.0

yokecd/v0.4.1

yokecd/v0.5.0

yokecd/v0.5.1

yokecd/v0.5.2

yokecd/v0.5.3

yokecd/v0.6.0

yokecd/v0.6.1

yokecd/v0.6.2

yokecd/v0.7.0

yokecd/v0.7.1

yokecd/v0.7.2

yokecd/v0.8.0

yokecd/v0.8.1

yokecd/v0.9.0

yokecd/v0.9.1

yokecd/v0.9.2

yokecd/v0.9.3

yokecd/v0.9.4

yokecd/v0.9.5

yokecd/v0.9.6

yokecd/v0.9.7

yokecd/v0.9.8

yokecd/v0.9.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26056.json"