CVE-2026-24470 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissi…
High CVSS: 8.1

CVE-2026-24470

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions.
Vendor
Zalando
Product
Skipper
CWE
CWE-441
Yayın Tarihi
2026-01-26 23:16:09
Güncelleme
2026-02-18 17:39:44
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-441 Skipper HIGH Zalando 2026

Referanslar

https://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219 https://github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9 https://kubernetes.io/docs/concepts/services-networking/service/#externalname