Route Services Firewall Bypass_CVE-2026-22726

5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Description

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application.
Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).

Basic Information

ID CVE-2026-22726

Source vmware

Published Apr 30, 2026 at 23:17

Modified Apr 30, 2026 at 23:26

Affected Product

Vendor CloudFoundry Foundation

Product Routing release

Version v0.118.0

Affected Versions CloudFoundry Foundation Routing release v0.118.0
CloudFoundry Foundation CF Deployment v0.0.2

CWE Classification

CWE-923

References

www.cloudfoundry.org /blog/cve-2026-22726-route-services-firewall-bypass/

{
    "lastseen": "",
    "description": "Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application.\nRouting release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).",
    "published": "2026-04-30T23:17:00.707Z",
    "modified": "2026-04-30T23:26:19.891Z",
    "type": "cve",
    "title": "Route Services Firewall Bypass",
    "source": "vmware",
    "references": "https://www.cloudfoundry.org/blog/cve-2026-22726-route-services-firewall-bypass/",
    "id": "CVE-2026-22726",
    "bulletinFamily": "",
    "cwe": [
        "CWE-923"
    ],
    "cvelist": null,
    "sourceData": "CloudFoundry Foundation Routing release v0.118.0\nCloudFoundry Foundation CF Deployment v0.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Routing release",
    "version": "v0.118.0",
    "vendor": "CloudFoundry Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}