CVE-2026-15738

Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
14/07/2026
Last modified:
15/07/2026

Description

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace&amp;#39;s gRPC traffic on a shared Gateway via a crafted HTTPRoute resource.<br /> <br /> <br /> <br /> To mitigate this issue, users should upgrade to version 3.4.2.