CGA-v78m-w2c9-27q9 — Vulnetix

CGA-v78m-w2c9-27q9 REJECTED

Affected Products

Vendor	Product	Versions
Chainguard	kuma-cp-2.9	0, 0, 0
Chainguard	kuma-install-cni-2.9	0, 0, 0
Chainguard	kuma-dp-2.9	0, 0, 0
Chainguard	kumactl-2.9	0, 0, 0
Wolfi	kuma-cni-2.9	0, 0, 0
Wolfi	kuma-install-cni-2.9	0, 0, 0
Wolfi	kuma-cni-compat-2.9	0, 0, 0
Wolfi	kuma-cp-2.9	0, 0, 0
Wolfi	kuma-2.9	0, 0, 0
Chainguard	kuma-2.9	0, 0, 0
Wolfi	kuma-dp-2.9	0, 0, 0
Chainguard	kuma-cni-2.9	0, 0, 0
Wolfi	kumactl-2.9	0, 0, 0
Chainguard	kuma-cni-compat-2.9	0, 0, 0

Exploit Intelligence

Proof-of-concept for CVE-2025-22870 demonstrating HTTP proxy bypass in vulnerable versions (<0.36.0) of golang.org/x/net/http/httpproxy. Exploits improper IPv6 zone ID parsing to evade NO_PROXY restrictions, enabling proxy bypass and potential SSRF under misconfigured environments. (github-poc)
CHANGELOG-v1.73.1.yml (github-poc)
scan.openvex.json (github-poc)

Timeline

Jan 28, 2026 CVE Rejected

Open in Interactive Console →

$ Console Community · 100/wk Open console ›