Is Kyverno 1.13.6 patched?
Current stable (1.17.2): 100/100
1.13.6 has 7 open critical-or-high vulnerabilities. Run 1.17.2 or later to clear them. See what 1.17.2 fixes →
Summary iPlain-English security status for Kyverno 1.13.6, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Kyverno 1.13.6 is part of the 1.13 release line. 7 known vulnerabilities affect it. The minimum safe version is 1.17.2 — upgrade to it or later to clear the open critical/high issues. The 1.13 line reached end-of-life on 2025-11-10, so it no longer receives security patches. The latest supported Kyverno release is 1.17.2.
Known issues affecting 1.13.6
Exploited first, then by exploitation probability.
CVE-2026-41323 HIGH EPSS 1% → fixed in 1.17.2 CVE-2026-23881 HIGH EPSS 1% → fixed in 1.16.3 CVE-2026-22039 CRITICAL EPSS 1% → fixed in 1.16.3 CVE-2025-47281 HIGH EPSS 0% → fixed in 1.14.2 CVE-2026-41485 HIGH EPSS 0% → fixed in 1.17.2 CVE-2026-40868 HIGH EPSS 0% → fixed in 1.16.4 CVE-2026-41068 HIGH EPSS 0% → fixed in 1.17.2Other Kyverno versions
Check another release line of Kyverno.
Frequently asked
Is Kyverno 1.13.6 patched?
Kyverno 1.13.6 is end-of-life and no longer receives security patches. Move to 1.17.2.
What version should I upgrade Kyverno 1.13.6 to?
Upgrade Kyverno 1.13.6 to at least 1.17.2 to clear its 7 open critical-or-high vulnerabilities.
When does Kyverno 1.13 reach end-of-life?
Kyverno 1.13 reached end-of-life on 2025-11-10 and no longer receives security patches.
What is the latest version of Kyverno?
The latest supported Kyverno release is 1.17.2.
Is Kyverno 1.13.6 still receiving security updates?
No — Kyverno 1.13.6 is on the 1.13 line, which reached end-of-life on 2025-11-10 and no longer receives security updates. Upgrade to 1.17.2 or later to stay supported.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Kyverno's official advisory before you patch or upgrade — Kyverno official site ↗