CVE-2026-53719

ADVISORY - github

Summary

Vulnerability report without repro case. Repro case may be added later after harness is complete.

Preconditions (4):

  • Tenant has SecurityPolicy + TCPRoute RBAC (baseline)
  • Tenant namespace permitted to attach TCPRoute to a Gateway listener
  • spec.authorization omitted (the trigger)
  • No admission webhook blocks the shape

Description:

A namespace-scoped tenant can deterministically panic the gatewayapi runner on every reconcile with a single CRD; the recover() in message/watchutil.go:53 keeps the process alive but unwinds the entire handle() callback in runner/runner.go:192, so xDS/Infra IR publishing stalls controller-wide until an admin deletes the object. Data plane keeps serving last-good config.

EPSS Score: 0.00121 (0.310)

Common Weakness Enumeration (CWE)

ADVISORY - github

NULL Pointer Dereference


GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.5medium