CVE-2026-41485 - Kyverno forEach mutation panic DoS

rg -n "kyverno|ghcr\\.io/kyverno/kyverno|kyverno.io|ClusterPolicy|kind: Policy|mutateExisting|foreach|patchesJson6902|UpdateRequest" .
rg -n "kyverno/kyverno|app.kubernetes.io/name: kyverno|background-controller|admission-controller" charts deploy k8s helm terraform .github . 2>/dev/null
helm list -A | grep -Ei 'kyverno'
kubectl -n kyverno get deploy,pods -o wide
kubectl -n kyverno get pods -l app.kubernetes.io/component=background-controller
kubectl get policy,clusterpolicy -A -o yaml | grep -Ei 'foreach|patchesJson6902|mutateExisting'
kubectl get updaterequest -A

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-41485 (Kyverno forEach mutation panic denial of
service). Produce exactly one output:

- A reviewer-ready PR/change request that upgrades Kyverno, contains vulnerable
  policy creation paths, adds safe regression coverage, and documents operator
  cleanup, or
- TRIAGE.md if this repository does not own an affected Kyverno deployment,
  policy-as-code surface, or safe patch path.

## Rules

- Scope only CVE-2026-41485 / GHSA-fpjq-c37h-cqcv and directly related Kyverno
  policy-engine containment.
- Treat cluster kubeconfigs, service account tokens, admission webhook
  credentials, policy exception data, tenant policy repos, controller logs, and
  incident evidence as sensitive.
- Do not apply panic-triggering Policy or ClusterPolicy payloads to production,
  shared, customer, or developer clusters.
- Do not delete live `Policy`, `ClusterPolicy`, or `UpdateRequest` resources
  unless this repository explicitly owns the incident/runbook path and the
  change is framed as an operator action.
- Do not disable Kyverno admission, background processing, or fail-closed
  controls as a silent workaround.
- Do not auto-merge.

## Steps

1. Inventory every Kyverno asset controlled by this repository:
   Helm charts, values files, `Chart.lock`, Kustomize overlays, raw manifests,
   Terraform, Flux/Argo CD applications, operators, cluster bootstrap scripts,
   image tags/digests, SBOMs, policy-as-code directories, CI workflows, and
   runbooks.
2. Determine every resolved Kyverno version. A target is vulnerable if it
   resolves to:
   - `>=1.13.0, <1.16.4`;
   - `>=1.17.0-rc.1, <1.17.2`.
3. Search controlled policies and generated artifacts for legacy mutation
   shapes:
   - `kind: Policy`;
   - `kind: ClusterPolicy`;
   - `mutate`;
   - `foreach`;
   - `patchesJson6902`;
   - `patchStrategicMerge`;
   - `mutateExisting`;
   - `UpdateRequest`.
4. Map who can create or update policy resources:
   namespace users, tenant roles, CI jobs, GitOps controllers, support groups,
   platform agents, agentic remediation workflows, and cluster-admin
   automation.
5. If this repository does not deploy Kyverno and does not control Kyverno
   policy-as-code, stop with `TRIAGE.md` naming the files checked, the likely
   runtime owner, and the required fixed versions `1.16.4+` or `1.17.2+`.
6. Upgrade Kyverno to a fixed version using the repository's normal delivery
   mechanism. Regenerate lockfiles, rendered manifests, image digests, SBOMs,
   deployment evidence, and policy inventory.
7. Add temporary containment for non-atomic rollouts:
   - restrict `Policy` and `ClusterPolicy` creation/update to trusted platform
     owners until patched controllers are deployed;
   - pause self-service policy onboarding or agent-created policy changes;
   - add admission or CI checks that block vulnerable `mutate.foreach`
     `patchesJson6902` patterns before they reach a cluster;
   - document that CEL-based policies are preferred when they cover the use
     case.
8. Add safe regression coverage without crashing real controllers:
   - static tests that reject `patchesJson6902` values sourced entirely from
     unresolved substitutions such as `{{ element.nonexistent }}`;
   - policy-lint fixtures for `foreach` mutation rules;
   - version checks proving rendered Kyverno deployments resolve to fixed
     versions;
   - RBAC tests or policy checks showing only trusted owners can create or
     update high-impact `Policy` and `ClusterPolicy` resources.
9. Add an operator cleanup section named `CVE-2026-41485 operator actions` to
   the PR body or `TRIAGE.md`:
   - Kyverno versions before and after the change;
   - whether legacy `mutate.foreach` rules are present;
   - whether namespaced users, tenants, CI jobs, or agents can create Kyverno
     policies;
   - whether `UpdateRequest` resources need inspection or cleanup;
   - how to identify a poisoned policy without reapplying the exploit;
   - which background-controller and admission-controller logs should be
     reviewed;
   - what rollback/restore steps preserve fail-closed behavior.
10. Run relevant validation: Helm dependency update, Helm template, Kustomize
    build, Terraform plan, policy lint, Kyverno CLI tests, unit tests,
    integration tests, image build, SBOM refresh, and dependency/security scans
    available in this repository.
11. Use PR title:
    `fix(sec): remediate CVE-2026-41485 in Kyverno policy control plane`.

## Stop conditions

- No Kyverno deployment, Kyverno policy-as-code, or cluster bootstrap artifact
  is controlled by this repository.
- All controlled Kyverno targets already resolve to `1.16.4+` or `1.17.2+`
  and rendered artifacts prove no vulnerable controller remains.
- Upgrading Kyverno requires a platform release train outside this repository.
- Proving exposure would require applying a panic-triggering policy to a live
  or shared cluster.
- Product requirements intentionally let untrusted users or agents create
  arbitrary Kyverno policies; document the risk and require a product/security
  decision.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.