Is github.com/zalando/skipper affected by CVE-2026-24470?

Go github.com/zalando/skipper is affected in <0.24.0.

Is CVE-2026-24470 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

medium

CVE-2026-24470

Q: Is CVE-2026-24470 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

Go · github.com/zalando/skipper

Summary

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper

Severity: medium
EPSS: 0.3% (p18)
Also known as: GHSA-mxxc-p822-2hx9, GO-2026-4378
Published: 2026-02-02

References

https://github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9
https://nvd.nist.gov/vuln/detail/CVE-2026-24470
https://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219

Related advisories

CVE-2026-23742 — medium · Go/github.com/zalando/skipper

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.