Description

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions.

INFO

Published Date :

2026-01-26T22:23:43.325Z

Last Modified :

2026-01-26T22:23:43.325Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24470 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24470.

URL Resource
https://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219 cve-icon cve-icon
https://github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9 cve-icon cve-icon
https://kubernetes.io/docs/concepts/services-networking/service/#externalname cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact