Lucene search
K

341 matches found

CVE
CVE
added 2 hours ago7 views

CVE-2026-56742

CVE-2026-56742 affects Cilium when using Gateway API. Before versions 1.17.17, 1.18.11, and 1.19.5, users with permissions to create or update namespaced HTTPRoutes could mirror HTTP traffic to any Service in any namespace, bypassing ReferenceGrant authorization. Gateway API functionality is disa...

5.9CVSS6.1AI score
Exploits0References8
CVE
CVE
added yesterday7 views

CVE-2026-15738

The CVE-2026-15738 issue affects the AWS Load Balancer Controller prior to version 3.4.2, where incorrect behavior order in Gateway API listener-rule generation can let an authenticated remote user intercept, spoof, or deny another namespace’s gRPC traffic on a shared Gateway via a crafted HTTPRo...

8.5CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday35 views

CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...

8.5CVSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/08 9:23 p.m.3 views

Security Bulletin: Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS5.9AI score0.0016EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/08 9:16 p.m.6 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 8:21 p.m.32 views

CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 8:21 p.m.8 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature, potentially allowing an operator with host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. Root cau...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 8:21 p.m.6 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/07/08 8:18 p.m.9 views

Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS6.1AI score0.0016EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/07 8:44 p.m.36 views

CVE-2026-53935 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS0.00341EPSS
Exploits0References7
CVE
CVE
added 2026/07/07 8:44 p.m.14 views

CVE-2026-53935

Summary: CVE-2026-53935 affects Cilium versions prior to 1.17.16, 1.18.2–1.18.9, and 1.19.0–1.19.3. An attacker who can create a CiliumLocalRedirectPolicy may specify arbitrary ClusterIPs via addressMatcher, enabling cross-namespace traffic hijacking to Services and bypassing serviceMatcher names...

6.9CVSS6AI score0.00341EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:44 p.m.5 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/07/07 8:44 p.m.8 views

CVE-2026-53935 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References9
OSV
OSV
added 2026/07/07 3:26 p.m.5 views

GO-2026-5914 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium

CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium...

6.9CVSS5.9AI score0.00341EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

8.5CVSS0.00346EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/06 8:45 p.m.6 views

CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Impact Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher. In addition, deleting such a policy can...

6.9CVSS6AI score0.00341EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:27 p.m.5 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score0.00346EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/06 8:27 p.m.26 views

CVE-2026-54765

CVE-2026-54765 affects Traefik v3.7.0 through v3.7.5, fixed in v3.7.6. In the Kubernetes Gateway API provider, two accepted HTTPRoutes targeting the same backend Service:port can have different backendRef filters, with only one route’s filter set applied to all requests. This can allow a route’s ...

8.5CVSS5.9AI score0.00346EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 8:27 p.m.5 views

CVE-2026-54765 Traefik: Gateway HTTPRoute backendRef filters can leak backend context across routes sharing a Service:port

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score0.00346EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/07/06 8:27 p.m.9 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

8.5CVSS5.9AI score0.00346EPSS
Exploits0References4
Rows per page
Query Builder