CVE-2026-24470
EUVD-2026-483126.01.2026, 23:16
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zalando | skipper | 𝑥 < 0.24.0 |
𝑥
= Vulnerable software versions