CVE-2026-24470 Common Vulnerabilities and Exposures

Upstream information

CVE-2026-24470 at MITRE

Description

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

SUSE-SU-2026:0403-1, published 2026-02-06T16:58:35Z

List of released packages

Product(s)	Fixed package version(s)	References

SUSE Timeline for this CVE

CVE page created: Tue Jan 27 02:02:47 2026
CVE page last modified: Fri May 8 12:08:47 2026