{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T00:27:05.009","vulnerabilities":[{"cve":{"id":"CVE-2026-24470","sourceIdentifier":"security-advisories@github.com","published":"2026-01-26T23:16:09.123","lastModified":"2026-02-18T17:39:44.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions."},{"lang":"es","value":"Skipper es un router HTTP y proxy inverso para la composición de servicios. Antes de la versión 0.24.0, al ejecutar Skipper como un controlador Ingress, los usuarios con permisos para crear un Ingress y un Servicio de tipo ExternalName pueden crear rutas que les permiten usar el acceso de red de Skipper para alcanzar servicios internos. La versión 0.24.0 deshabilita Kubernetes ExternalName por defecto. Como solución alternativa, los desarrolladores pueden incluir en la lista de permitidos los objetivos de un ExternalName e incluir en la lista de permitidos mediante expresiones regulares."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-441"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zalando:skipper:*:*:*:*:*:*:*:*","versionEndExcluding":"0.24.0","matchCriteriaId":"DEBBEB5D-B41E-48C3-BF83-F5018AAA9D12"}]}]}],"references":[{"url":"https://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9","source":"security-advisories@github.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://kubernetes.io/docs/concepts/services-networking/service/#externalname","source":"security-advisories@github.com","tags":["Product"]}]}}]}