CVE-2026-26055: CWE-306: Missing Authentication for Critical Function in yokecd yoke
CVE-2026-26055 is a high-severity vulnerability in the Yoke infrastructure-as-code deployer, specifically in the Air Traffic Controller (ATC) component. Versions 0.19.0 and earlier have webhook endpoints that lack authentication, allowing any pod within the Kubernetes cluster network to send AdmissionReview requests directly to the webhook. This bypasses Kubernetes API Server authentication and enables unauthorized triggering of WASM module execution in the ATC controller context. The vulnerability impacts integrity but not confidentiality or availability, and it requires no privileges or user interaction to exploit. No known exploits are currently reported in the wild. European organizations using Yoke in Kubernetes environments should prioritize patching or mitigating this issue to prevent unauthorized code execution within their clusters.
AI Analysis
Technical Summary
CVE-2026-26055 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting the Yoke infrastructure-as-code package deployer, versions 0.19.0 and earlier. Yoke's Air Traffic Controller (ATC) component exposes webhook endpoints designed to handle AdmissionReview requests, which are part of Kubernetes admission control workflows. However, these endpoints lack proper authentication mechanisms, allowing any pod within the same Kubernetes cluster network to send AdmissionReview requests directly to the ATC webhook. This effectively bypasses the Kubernetes API Server's authentication and authorization controls. As a result, an attacker controlling a pod inside the cluster can trigger WebAssembly (WASM) module execution within the ATC controller context without proper authorization. This unauthorized execution can lead to integrity violations, such as unauthorized changes to deployment configurations or infrastructure state managed by Yoke. The vulnerability has a CVSS v3.1 score of 7.5, reflecting high severity due to network attack vector, no privileges required, no user interaction, and impact on integrity. No patches are currently linked, and no known exploits have been reported in the wild. The vulnerability highlights a critical security design flaw in the ATC webhook authentication model, emphasizing the need for strict access controls on internal cluster components that handle sensitive admission requests.
Potential Impact
For European organizations deploying Kubernetes clusters with Yoke versions 0.19.0 or earlier, this vulnerability poses a significant risk to the integrity of their infrastructure-as-code deployments. An attacker who gains control of any pod within the cluster network can exploit this flaw to execute unauthorized WASM modules in the ATC controller context, potentially altering deployment configurations or injecting malicious code. This can lead to compromised application behavior, unauthorized infrastructure changes, and a loss of trust in automated deployment pipelines. While confidentiality and availability are not directly impacted, the integrity breach can cascade into broader security incidents, including privilege escalation or lateral movement within the cluster. Organizations in sectors with strict compliance requirements (e.g., finance, healthcare, critical infrastructure) may face regulatory and reputational risks if such unauthorized modifications occur. The lack of required privileges or user interaction lowers the barrier for exploitation, increasing the threat level in multi-tenant or shared Kubernetes environments common in European enterprises.
Mitigation Recommendations
European organizations should immediately audit their Kubernetes clusters for Yoke usage and verify the version in deployment. Upgrading Yoke to a version later than 0.19.0, once available, is the primary mitigation step. Until a patch is released, organizations should implement network segmentation within the cluster to restrict pod-to-pod communication, especially limiting access to the ATC webhook endpoints. Employ Kubernetes Network Policies to enforce strict ingress rules that only allow trusted pods or namespaces to communicate with the ATC component. Additionally, consider deploying admission controllers or service meshes that can enforce authentication and authorization on internal webhook calls. Monitoring and logging AdmissionReview requests to the ATC webhook can help detect anomalous or unauthorized access attempts. Finally, review and harden the cluster's overall security posture, including pod security policies and least privilege principles, to reduce the risk of pod compromise that could lead to exploitation.
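A NetworkPolicy that implements the ingress restriction recommended above, added here as an example and not taken from the advisory or from the Yoke project. It admits only the Kubernetes API server, the legitimate caller of admission webhooks, and denies every other pod; the namespace, pod label, webhook port and control-plane CIDR are placeholders that must be replaced with the cluster's real values.

```yaml
# Added example, not from the advisory or the Yoke project.
# Selecting the ATC pods with an Ingress policy makes them default-deny for
# inbound traffic; the single rule below re-admits only the API server.
# Placeholders (assumptions): namespace "yoke-system", label app=yoke-atc,
# webhook port 9443, control-plane CIDR 10.0.0.0/28. Adjust to your cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: atc-webhook-apiserver-only
  namespace: yoke-system            # placeholder: namespace where ATC runs
spec:
  podSelector:
    matchLabels:
      app: yoke-atc                 # placeholder: label on the ATC pods
  policyTypes:
    - Ingress                       # this policy restricts inbound traffic only
  ingress:
    - from:
        # Placeholder: address range the API server uses to call webhooks.
        # On managed clusters this is the control-plane range, not a pod CIDR,
        # so a namespaceSelector/podSelector would not match it.
        - ipBlock:
            cidr: 10.0.0.0/28
      ports:
        - protocol: TCP
          port: 9443                # placeholder: ATC webhook listen port
```

Confirm that the cluster's CNI actually enforces NetworkPolicy (without one the object is accepted but has no effect), then verify from an unrelated pod that the webhook port is no longer reachable while admission requests issued through the API server still succeed.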
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-10T18:01:31.899Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 698e4e5cc9e1ff5ad8206a3c
Added to database: 2/12/2026, 10:04:12 PM
Last enriched: 2/12/2026, 10:18:35 PM
Last updated: 2/13/2026, 12:09:29 AM