Description
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application.
Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).
Published: 2026-04-30
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Route Services can be abused to redirect application traffic to network destinations that lie outside the application's prescribed egress rules, allowing an attacker to reach HTTP services on internal networks that the Gorouter can access. The flaw permits a malicious developer with Cloud Foundry access to configure a service that directs traffic to these otherwise protected endpoints, effectively bypassing the firewall configuration embedded in the platform.

Affected Systems

The vulnerability affects the Cloud Foundry Foundation Routing release versions 0.118.0 through 0.371.0 inclusive, and CF Deployment releases 0.0.2 through 54.14.0 inclusive. Upgrading to Routing release 0.372.0 or later, or to CF Deployment 55.0.0 or later (which includes Routing release 0.372.0), resolves the issue.

Risk and Exploitability

With a CVSS score of 5, this is considered medium severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires the attacker to already hold permission to configure route services; based on the description, a malicious developer with that privilege could configure a route service that bypasses the egress firewall. The impact is that internal HTTP services, previously unreachable by external traffic, become reachable to the attacker through the Gorouter.

Generated by OpenCVE AI on May 1, 2026 at 04:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Routing release to v0.372.0 or newer.
  • Upgrade the Cloud Foundry Deployment to v55.0.0 or newer, which includes the updated Routing release.
  • Restrict privileges so only trusted administrators can configure route services, preventing malicious developers from creating routes that bypass the firewall.

Advisories

No advisories yet.

History

Fri, 01 May 2026 15:15:00 +0000

Metrics, values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 00:45:00 +0000

First Time appeared, values added: Cloudfoundry; Cloudfoundry cf-deployment; Cloudfoundry routing-release
Vendors & Products, values added: Cloudfoundry; Cloudfoundry cf-deployment; Cloudfoundry routing-release

Thu, 30 Apr 2026 23:30:00 +0000

Description, values added: Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application. Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).
Title, values added: Route Services Firewall Bypass
Weaknesses, values added: CWE-923
References, values added: (none shown)
Metrics, values added: cvssV3_1 {'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-05-01T14:19:13.594Z

Reserved: 2026-01-09T06:54:41.497Z

Link: CVE-2026-22726

Vulnrichment

Updated: 2026-05-01T14:19:10.307Z

NVD

Status: Awaiting Analysis

Published: 2026-05-01T00:16:23.650

Modified: 2026-05-01T15:28:29.083

Link: CVE-2026-22726

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T05:00:12Z

Weaknesses