Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-4789

updated 2 weeks, 4 days ago by @florentc Activity log

Created automatic suggestion 2 weeks, 5 days ago
@florentc added maintainer @florentc 2 weeks, 4 days ago maintainer.add
@florentc deleted maintainer @bryanasdev000 2 weeks, 4 days ago maintainer.delete
@florentc added
2 maintainers
- @fricklerhandwerk
- @bryanasdev000
2 weeks, 4 days ago maintainer.add

CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.

References

Affected products

Kyverno

==1.16.0

Matching in nixpkgs

pkgs.kyverno

Kubernetes Native Policy Management

nixos-unstable 1.16.2
- nixpkgs-unstable 1.16.2
- nixos-unstable-small 1.16.2
nixos-25.11 1.15.2
- nixos-25.11-small 1.15.2
- nixpkgs-25.11-darwin 1.15.2

pkgs.kyverno-chainsaw

Declarative approach to test Kubernetes operators and controllers

nixos-unstable 0.2.14
- nixpkgs-unstable 0.2.14
- nixos-unstable-small 0.2.14
nixos-25.11 0.2.13
- nixos-25.11-small 0.2.13
- nixpkgs-25.11-darwin 0.2.13

Package maintainers

@bryanasdev000 Bryan Albuquerque <bryanasdev000@gmail.com>
@Sanskarzz Sanskar Gurdasani <sanskar.gur@gmail.com>

Additional maintainers

@florentc Florent Ch.
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>