CVE-2026-29773

Source
https://cve.org/CVERecord?id=CVE-2026-29773
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29773.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-29773
Published
2026-03-09T22:23:57.793Z
Modified
2026-04-10T05:41:40.261203Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding
Details

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant users permission to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies safely, without privilege escalation. An attacker with privileged "AdmissionPolicy" create permissions (which isn't the default) could make use of three deprecated host-callback APIs: kubernetes/ingresses, kubernetes/namespaces, and kubernetes/services. The attacker can craft a policy that exercises these deprecated API calls, which would give them read access to Ingresses, Namespaces, and Services resources respectively. This attack is read-only: there is no write capability and no access to Secrets, ConfigMaps, or other resource types beyond these three.

Database specific
{
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29773.json",
    "cna_assigner": "GitHub_M"
}
Affected packages

Git / github.com/kubewarden/kubewarden-controller

Affected ranges

Type
GIT
Repo
https://github.com/kubewarden/kubewarden-controller
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*
v0.0.1
v0.1.0
v0.1.0-rc1
v0.1.1
v0.1.2
v0.1.3
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.5-rc1
v0.5.1
v0.5.2
v0.5.2-rc
v0.5.2-rc2
v0.5.3
v0.5.4
v0.5.5
v1.*
v1.0.0
v1.0.0-rc1
v1.0.0-rc3
v1.0.0-rc4
v1.1.0
v1.1.1
v1.10.0
v1.10.0-rc1
v1.10.0-rc2
v1.10.1
v1.11.0
v1.11.0-rc1
v1.11.0-rc2
v1.11.0-rc3
v1.11.0-rc4
v1.11.0-rc5
v1.11.0-rc6
v1.12.0
v1.12.0-rc1
v1.12.0-rc2
v1.13.0
v1.13.0-rc1
v1.13.0-rc2
v1.14.0
v1.14.0-rc1
v1.14.0-rc2
v1.15.0
v1.15.0-rc2
v1.15.0-rc3
v1.15.1
v1.16.0
v1.16.0-rc2
v1.17.0
v1.17.0-rc1
v1.17.0-rc2
v1.17.0-rc3
v1.17.0-rc4
v1.17.1
v1.18.0
v1.18.0-beta1
v1.18.0-rc1
v1.19.0
v1.19.0-beta1
v1.19.0-rc1
v1.20.0
v1.20.0-rc1
v1.20.1
v1.21.0
v1.21.0-rc1
v1.21.0-rc2
v1.22.0
v1.22.0-rc1
v1.23.0
v1.23.0-beta1
v1.23.0-beta2
v1.23.0-rc1
v1.24.0
v1.24.0-rc1
v1.24.0-rc3
v1.25.0
v1.25.0-rc1
v1.26.0
v1.26.0-rc1
v1.27.0
v1.27.0-rc1
v1.28.0
v1.28.0-rc1
v1.29.0
v1.29.0-rc1
v1.29.0-rc2
v1.29.0-rc3
v1.3.0
v1.3.0-rc1
v1.3.0-rc2
v1.3.0-rc3
v1.30.0
v1.30.0-rc1
v1.30.0-rc2
v1.31.0
v1.31.0-rc1
v1.32.0
v1.32.0-rc1
v1.32.0-rc2
v1.32.0-rc3
v1.32.0-rc4
v1.32.0-rc5
v1.32.1
v1.33.0-rc1
v1.33.0-rc2
v1.33.0-rc3
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.6.0
v1.6.0-rc1
v1.6.0-rc3
v1.6.0-rc5
v1.6.1
v1.6.2
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.1
v1.8.0
v1.8.0-rc1
v1.8.0-rc2
v1.8.1
v1.8.2
v1.9.0
v1.9.0-rc1
v1.9.0-rc2
v1.9.0-rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29773.json"