216.73.216.6

CVE-2026-22726

· Published 01/05/2026 00:16 · Modified 01/05/2026 15:28

Labels: CVE-2026-22726 2026-05-01CVE-2026-22726CWE-923[email protected]

Essential information

Published
01/05/2026 00:16
Modified
01/05/2026 15:28
Author
Creator
CVSS
5.0 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVSS metrics

Description

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application. Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
vmware / cloud foundry cpe:2.3:a:vmware:cloud_foundry:0.118.0-0.371.0:*:*:*:*:*:*:*
vmware / cloud foundry cpe:2.3:a:vmware:cloud_foundry:0.372.0:*:*:*:*:*:*:*

References