Home / Vulnerability Intelligence / CVE-2026-32254

CVE-2026-32254 - Vulnerability Analysis

HighCVSS: 7.1

Last Updated: March 19, 2026

Kube-router - Misconfiguration

Published: March 18, 2026Updated: March 19, 2026PoC AvailableRemote Exploitable

Overview

Kube-router < 2.8.0 contains a misconfiguration vulnerability caused by lack of validation of externalIPs or loadBalancer IPs in the proxy module, letting attackers manipulate node network configuration, exploit requires ability to create or modify services.

Severity & Score

Severity: High

CVSS Score: 7.1

Impact

Attackers can manipulate node network configuration, potentially disrupting network traffic or causing denial of service.

Mitigation

Upgrade to version 2.8.0 or later.

References

https://github.com/cloudnativelabs/kube-router/commit/a1f0b2eea3ee0f66b9a5b5c49dcb714619ccd456
https://github.com/cloudnativelabs/kube-router/releases/tag/v2.8.0
https://github.com/cloudnativelabs/kube-router/security/advisories/GHSA-phqm-jgc3-qf8g

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-32254
Severity: High
CVSS Score: 7.1
Type: misconfiguration
Status: confirmed

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H