VDB
GO-2026-4724
GO-2026-4724
PUBLISHED
CVSS 8.699999809265137 HIGH
Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS in github.com/cloudnativelabs/kube-router
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | cloudnativelabs/kube-router/v2 | 0, 0 |
| github.com | cloudnativelabs/kube-router | 0, 0 |
Timeline
- Mar 26, 2026 CVE Published
- Mar 26, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/cloudnativelabs/kube-router/security/advisories/GHSA-phqm-jgc3-qf8g advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32254 advisory
- https://github.com/cloudnativelabs/kube-router/commit/a1f0b2eea3ee0f66b9a5b5c49dcb714619ccd456 fix
- https://github.com/cloudnativelabs/kube-router/releases/tag/v2.8.0 fix