FKIE_CVE-2026-24470

Vulnerability from fkie_nvd - Published: 2026-01-26 23:16 - Updated: 2026-02-18 17:39
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions.
References
security-advisories@github.comhttps://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219Patch
security-advisories@github.comhttps://github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9Vendor Advisory, Mitigation
security-advisories@github.comhttps://kubernetes.io/docs/concepts/services-networking/service/#externalnameProduct
Impacted products
Vendor Product Version
zalando skipper *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zalando:skipper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBBEB5D-B41E-48C3-BF83-F5018AAA9D12",
              "versionEndExcluding": "0.24.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper\u0027s network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions."
    },
    {
      "lang": "es",
      "value": "Skipper es un router HTTP y proxy inverso para la composici\u00f3n de servicios. Antes de la versi\u00f3n 0.24.0, al ejecutar Skipper como un controlador Ingress, los usuarios con permisos para crear un Ingress y un Servicio de tipo ExternalName pueden crear rutas que les permiten usar el acceso de red de Skipper para alcanzar servicios internos. La versi\u00f3n 0.24.0 deshabilita Kubernetes ExternalName por defecto. Como soluci\u00f3n alternativa, los desarrolladores pueden incluir en la lista de permitidos los objetivos de un ExternalName e incluir en la lista de permitidos mediante expresiones regulares."
    }
  ],
  "id": "CVE-2026-24470",
  "lastModified": "2026-02-18T17:39:44.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-26T23:16:09.123",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory",
        "Mitigation"
      ],
      "url": "https://github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://kubernetes.io/docs/concepts/services-networking/service/#externalname"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-441"
        },
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.