CVE-2026-15738
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
14/07/2026
Last modified:
15/07/2026
Description
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace&#39;s gRPC traffic on a shared Gateway via a crafted HTTPRoute resource.<br />
<br />
<br />
<br />
To mitigate this issue, users should upgrade to version 3.4.2.
Impact
Base Score 4.0
5.80
Severity 4.0
MEDIUM
Base Score 3.x
8.50
Severity 3.x
HIGH



