{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T00:54:18.292","vulnerabilities":[{"cve":{"id":"CVE-2026-32254","sourceIdentifier":"security-advisories@github.com","published":"2026-03-18T04:17:24.340","lastModified":"2026-06-17T10:35:26.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds include enabling DenyServiceExternalIPs feature gate, deploying admission policy, restricting service creation RBAC, monitoring service changes, and applying BGP prefix filtering."},{"lang":"es","value":"Kube-router es una solución llave en mano para redes de Kubernetes. Antes de la versión 2.8.0, el módulo proxy de Kube-router no valida las externalIPs o las IPs de loadBalancer antes de programarlas en la configuración de red del nodo. La versión 2.8.0 contiene un parche para el problema. Las soluciones alternativas disponibles incluyen habilitar la puerta de características DenyServiceExternalIPs, desplegar una política de admisión, restringir el RBAC de creación de servicios, monitorear los cambios de servicio y aplicar el filtrado de prefijos BGP."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cloudnativelabs","product":"kube-router","versions":[{"version":"< 2.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-18T13:35:53.287054Z","id":"CVE-2026-32254","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kube-router:kube-router:*:*:*:*:*:kubernetes:*:*","versionEndExcluding":"2.8.0","matchCriteriaId":"C1324BAF-805F-49AF-9BAB-9218F73A9A2C"}]}]}],"references":[{"url":"https://github.com/cloudnativelabs/kube-router/commit/a1f0b2eea3ee0f66b9a5b5c49dcb714619ccd456","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/cloudnativelabs/kube-router/releases/tag/v2.8.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/cloudnativelabs/kube-router/security/advisories/GHSA-phqm-jgc3-qf8g","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]},{"url":"https://github.com/cloudnativelabs/kube-router/security/advisories/GHSA-phqm-jgc3-qf8g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]}]}}]}