ASR AI Security Radar
Methodology Recent Incidents Get Notified

Back to incidents

AI security incident: Unauthenticated Admission Webhook Endpoints in Yoke ATC (GHSA-965m-v4cc-6334)

Incident date: February 12, 2026 | Published: February 25, 2026 | Source: GitHub Security Advisory | Classification confidence: 80%

This incident is part of the public archive. AI-specific signals are limited in the current source material, so source citations should be reviewed closely during triage. Review methodology.

Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization. **Recommended CWE**: CWE-306 (Missing Authentication for Critical Function) ## Summary Yoke ATC implements multiple Admission Webhook endpoints ( /validations/{airway} , /validations/resources , /validations/flights.yoke.cd , /validations/airways.yoke.cd , etc.

Why This Is AI-Related

This advisory is part of the public incident archive, but the current source material uses limited explicit AI terminology, so the cited sources should be reviewed carefully when judging AI relevance and exposure.

  • Explicit AI-specific signals are limited in the current source material, so use the cited advisory to validate scope during triage.

Affected Workflow

Review the AI product, dependency, and integration points mentioned in the source advisory before broadening remediation.

Likely Attack Path

The advisory indicates a security path that can affect AI applications, assistants, models, or connected automation workflows if the component is deployed.

Impact

The issue can weaken identity or authorization boundaries around AI features, plugins, or operator workflows. Severity HIGH. Classification confidence 80%. Source channel GHSA.

Detection And Triage Signals

  • New security events tied to the affected component or advisory identifier
  • Changes in AI workflow behavior, access logs, or plugin execution after the advisory window
  • Evidence that the vulnerable version is active in environments that process sensitive data

Recommended Response

  • Audit the affected AI workflow for exposed admin actions, service tokens, and user-to-tool permissions.
  • Rotate or disable sensitive credentials if the issue could weaken authentication or authorization boundaries.
  • Review access logs for unusual account actions, scope changes, or integrations created after disclosure.

Compliance And Business Impact

Even when exploit details are still emerging, delayed triage can widen operational and compliance exposure around AI systems.

Sources

Want alerts like this in real time?

Get notified with incident context, likely impact, and response guidance.

Get Notified

More incidents