Skip to main content

Kubernetes CVE-2026-24470

HIGH
Unintended Proxy or Intermediary ('Confused Deputy') (CWE-441)
2026-01-26 security-advisories@github.com GHSA-mxxc-p822-2hx9
Kubernetes Skipper Suse
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
Patch released
Feb 18, 2026 - 17:39 nvd
Patch available
CVE Published
Jan 26, 2026 - 23:16 nvd
HIGH 8.1

DescriptionGitHub Advisory

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions.

AnalysisAI

Skipper versions up to 0.24.0 contains a vulnerability that allows attackers to list targets of an ExternalName and allow list via regular expressions (CVSS 8.1).

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Create Ingress with ExternalName Service
Exploit
Skipper routes traffic through proxy
Impact
Access internal services via network bridge
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Kubernetes cluster running Skipper < 0.24.0 as Ingress controller with ExternalName Services enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.1 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker could exploit this vulnerability to list targets of an ExternalName and allow list via regular expressions.
Remediation A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running Skipper versions up to 0.24.0 and document exposure scope. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53999 HIGH
7.7 Jun 12

Cross-tenant container deletion in the Radius Kubernetes controller (versions <= v0.57.1) allows a tenant with Deploymen
CVE-2026-48782 MEDIUM
6.8 Jun 16

Server-Side Request Forgery in Pydantic AI (versions 1.56.0-1.101.0, 2.0.0b1, 2.0.0b2) allows unauthenticated network at
CVE-2026-11769 MEDIUM
6.4 Jun 13

Privilege escalation in Grafana Operator (all versions ≤ 5.23) allows any user with Kubernetes RBAC permissions to creat
CVE-2026-48518 MEDIUM
4.3 Jun 15

{team}/join), exploiting the fact that text/plain Content-Type does not trigger a CORS preflight check. In CTF deploymen
CVE-2026-48491 HIGH
Jun 16

mTLS bypass in Traefik 3.7.0-3.7.1 lets unauthenticated remote clients reach backends protected by wildcard-router TLSOp

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-24470 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy