CVE-2026-24470 - Skipper Ingress Controller Allows Unauthorized Access to Internal Services via E...

CVE ID: CVE-2026-24470

Published: Jan. 26, 2026, 11:16 p.m.

Description: Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions.

Severity: 8.1 | HIGH

CVE Details

Severity: HIGH
Published: Jan. 26, 2026
Affected Product: Kubernetes
Attack Vector: network
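
An audit for the exposure described above, as an added example that is not Skipper's code or part of the original advisory: it flags every Ingress backend that resolves to an ExternalName Service whose target falls outside a regex allow list. The objects, namespace and hostnames are constructed, and anchoring each pattern with a full match is an assumption of this example, not a statement about how Skipper evaluates its allow list.

```python
import re

# Constructed sample objects (networking.k8s.io/v1 Ingress, v1 Service); not from the advisory.
SAMPLE = [
    {"kind": "Service", "metadata": {"namespace": "team-a", "name": "partner-api"},
     "spec": {"type": "ExternalName", "externalName": "api.partner.example.org"}},
    {"kind": "Service", "metadata": {"namespace": "team-a", "name": "sneaky"},
     "spec": {"type": "ExternalName", "externalName": "metadata.internal.example"}},
    {"kind": "Service", "metadata": {"namespace": "team-a", "name": "web"},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Ingress", "metadata": {"namespace": "team-a", "name": "front"},
     "spec": {"defaultBackend": {"service": {"name": "web"}},
              "rules": [{"http": {"paths": [
                  {"path": "/api", "backend": {"service": {"name": "partner-api"}}},
                  {"path": "/x", "backend": {"service": {"name": "sneaky"}}}]}}]}},
]


def backend_services(ingress):
    """Yield every Service name an Ingress routes to, including defaultBackend."""
    spec = ingress.get("spec", {})
    backends = [spec.get("defaultBackend") or {}]
    for rule in spec.get("rules") or []:
        for path in (rule.get("http") or {}).get("paths") or []:
            backends.append(path.get("backend") or {})
    for b in backends:
        name = (b.get("service") or {}).get("name")
        if name:
            yield name


def audit_external_names(objects, allowed_patterns):
    """Return (namespace, ingress, service, externalName) for each Ingress backend
    that is an ExternalName Service whose target matches no allow-list pattern."""
    allowed = [re.compile(p) for p in allowed_patterns]
    external = {(o["metadata"]["namespace"], o["metadata"]["name"]): o["spec"].get("externalName", "")
                for o in objects
                if o.get("kind") == "Service" and o.get("spec", {}).get("type") == "ExternalName"}
    findings = []
    for o in objects:
        if o.get("kind") != "Ingress":
            continue
        ns = o["metadata"]["namespace"]  # Ingress backends resolve in the Ingress's own namespace
        for svc in backend_services(o):
            target = external.get((ns, svc))
            # fullmatch: an unanchored pattern would also accept names that merely contain an allowed host
            if target is not None and not any(p.fullmatch(target) for p in allowed):
                findings.append((ns, o["metadata"]["name"], svc, target))
    return findings
```

Feeding it the parsed output of a cluster-wide listing of Ingress and Service objects shows which existing routes would need an allow-list entry, or removal, before ExternalName backends are re-enabled on 0.24.0 or later.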