Listen to this Post
How the Mentioned CVE Works:
CVE-2026-24470 is a security misconfiguration in Skipper Ingress Controller versions prior to v0.24.0. The vulnerability stems from the default-enabled support for Kubernetes Services of type ExternalName. An `ExternalName` Service maps a Service to a DNS name, acting as a CNAME record. When Skipper processes an Ingress resource referencing such a Service, it proxies traffic to the specified external DNS name. An attacker with permissions to create both a Service and an Ingress object can exploit this by creating a malicious `ExternalName` Service that points to the DNS name of a sensitive, internal cluster service (e.g., kubernetes.default.svc.cluster.local). By then creating an Ingress rule that routes external traffic to this malicious Service, the attacker can bypass network policies and use Skipper’s privileged network position as a proxy to reach internal services that are otherwise isolated from external networks.
DailyCVE Form:
Platform: Skipper Ingress
Version: < v0.24.0
Vulnerability: ExternalName Misconfiguration
Severity: High
date: 2026-01-26
Prediction: Patched 2026-01-26
What Undercode Say:
Bash command to run patched version: `docker run -it ghcr.io/zalando/skipper:v0.24.0 skipper –help`
Code to restore vulnerable behavior (library use):
skipper.Run(skipper.Options{
EnableExternalNames: true,
})
Workaround command-line flags for vulnerable versions:
`-kubernetes-only-allowed-external-names=true`
`-kubernetes-allowed-external-name ‘^[a-z][a-z0-9-.]+[.].allowed.example$’`
How Exploit:
- Attacker creates a Service of type `ExternalName` pointing to an internal cluster DNS endpoint.
- Attacker creates an Ingress resource that routes a host/path to the malicious Service.
- External requests to the Ingress host are proxied by Skipper to the internal service.
Protection from this CVE
Update to Skipper v0.24.0+.
Use `-kubernetes-only-allowed-external-names` allow list.
Apply RBAC to restrict Service/Ingress creation.
Impact
Unauthorized access to internal Kubernetes services, data exfiltration, and cluster compromise.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

