Description

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a safe manner, without privilege escalation. An attacker with privileged "AdmissionPolicy" create permissions (which isn't the default) could make use of 3 deprecated host-callback APIs: kubernetes/ingresses, kubernetes/namespaces, kubernetes/services. The attacker can craft a policy that exercises these deprecated API calls and would allow them read access to Ingresses, Namespaces, and Services resources respectively. This attack is read-only, there is no write capability and no access to Secrets, ConfigMaps, or other resource types beyond these three.

INFO

Published Date :

2026-03-09T22:23:57.793Z

Last Modified :

2026-03-10T14:31:47.680Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-29773 vulnerability.

Vendors Products
Kubewarden
  • Kubewarden-controller
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-29773.

URL Resource
https://github.com/kubewarden/kubewarden-controller/commit/4e41b60ae44902d82d94101bac93fb77cae65651 cve-icon cve-icon
https://github.com/kubewarden/kubewarden-controller/pull/1519 cve-icon cve-icon
https://github.com/kubewarden/kubewarden-controller/security/advisories/GHSA-6r7f-3fwq-hq74 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact