CVE-2026-22726

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

CVE-2026-22726 Route Services Firewall Bypass

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

EUVD-2026-26458

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

CVE-2026-22726 - Route Services Firewall Bypass | Cloud Foundry

Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H Vendor CloudFoundry Foundation Versions Affected Routing release: v0.118.0 to v​​0.371.0 CF Deployment: v0.0.2 to v54.14.0 Description Route Services can be leveraged to send app traffic t...