← العودة للجدول
CVE-2026-54246
CVE-2026-54246 — Skipper's routesrv-no-auth component: All routesrv API Endpoints Lack Authentica
📅 2026-07-18
🟡 Medium 🔥 No GHSA Vulnerability Containers CVSS 5.7

📋 الوصف الكامل

## Description The `routesrv` component exposes the full cluster route topology (Ingress/RouteGroup configurations, backend URLs, filter chains, OAuth/OIDC callback paths) and cache-cluster topology (Redis/Valkey shard addresses) over plain HTTP with **zero authentication**. Any pod in the Kubernetes cluster can reach routesrv via its predictable DNS name and retrieve sensitive cluster-wide routi

💻 الأنظمة المتأثرة

Kubernetes

⚠️ نوع التهديد

Vulnerability

🔗 CVE ID

CVE-2026-54246

📡 المصدر

GHSA

✅ الحلول والتخفيف

Refer to CVE-2026-54246 NVD advisory

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←