CVE-2026-53719
ADVISORY - githubSummary
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
- Tenant has SecurityPolicy + TCPRoute RBAC (baseline)
- Tenant namespace permitted to attach TCPRoute to a Gateway listener
- spec.authorization omitted (the trigger)
- No admission webhook blocks the shape
Description:
A namespace-scoped tenant can deterministically panic the gatewayapi runner on every reconcile with a single CRD; the recover() in message/watchutil.go:53 keeps the process alive but unwinds the entire handle() callback in runner/runner.go:192, so xDS/Infra IR publishing stalls controller-wide until an admin deletes the object. Data plane keeps serving last-good config.
EPSS Score: 0.00121 (0.310)
Common Weakness Enumeration (CWE)
ADVISORY - github
NULL Pointer Dereference
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in