Skipper

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-24470 HIGH PATCH This Week

Skipper versions up to 0.24.0 contains a vulnerability that allows attackers to list targets of an ExternalName and allow list via regular expressions (CVSS 8.1).

Kubernetes Skipper Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-23742 HIGH POC PATCH This Week

Skipper versions before 0.23.0 allow authenticated users with Ingress resource creation privileges to execute arbitrary Lua scripts that read sensitive filesystem data and secrets accessible to the Skipper process. The vulnerability stems from the default -lua-sources=inline configuration enabling untrusted users to create inline Lua filters. Public exploit code exists for this high-severity vulnerability affecting Kubernetes environments running vulnerable Skipper versions.

Kubernetes Skipper Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24470
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Skipper versions up to 0.24.0 contains a vulnerability that allows attackers to list targets of an ExternalName and allow list via regular expressions (CVSS 8.1).

Kubernetes Skipper Suse
NVD GitHub
CVE-2026-23742
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Skipper versions before 0.23.0 allow authenticated users with Ingress resource creation privileges to execute arbitrary Lua scripts that read sensitive filesystem data and secrets accessible to the Skipper process. The vulnerability stems from the default -lua-sources=inline configuration enabling untrusted users to create inline Lua filters. Public exploit code exists for this high-severity vulnerability affecting Kubernetes environments running vulnerable Skipper versions.

Kubernetes Skipper Suse
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy