CVE-2026-53719

ADVISORY - github

Summary

Vulnerability report without repro case. Repro case may be added later after harness is complete.

Preconditions (4):

  • Tenant has SecurityPolicy + TCPRoute RBAC (baseline)
  • Tenant namespace permitted to attach TCPRoute to a Gateway listener
  • spec.authorization omitted (the trigger)
  • No admission webhook blocks the shape

Description:

A namespace-scoped tenant can deterministically panic the gatewayapi runner on every reconcile with a single CRD; the recover() in message/watchutil.go:53 keeps the process alive but unwinds the entire handle() callback in runner/runner.go:192, so xDS/Infra IR publishing stalls controller-wide until an admin deletes the object. Data plane keeps serving last-good config.

EPSS Score: 0.00121 (0.310)

Common Weakness Enumeration (CWE)

ADVISORY - github

NULL Pointer Dereference


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in