CVE-2026-24470 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services.
https://github.com/zalando/skipper/releases/tag/v0.24.0 disables Kubernetes ExternalName by default.
Developers can allow list targets of an ExternalName by using -kubernetes-only-allowed-external-names=true and allow list via regular expressions -kubernetes-allowed-external-name '^[a-z][a-z0-9-.]+[.].allowed.example$'
https://kubernetes.io/docs/concepts/services-networking/service/#externalname
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.