CVE-2026-50194: Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

CVSS 8.2 · High
EPSS 0.24% · P15

Possible ATT&CK Techniques (2, AI)

T1090 · Proxy
T1078 · Valid Accounts

Affected Version Matrix (2)

| Vendor | Product | Version Range | Status |
| --- | --- | --- | --- |
| SteeltoeOSS | Steeltoe.Management.Endpoint | < 4.2.0 | affected |
| SteeltoeOSS | Steeltoe.Management.EndpointCore | >= 3.2.2, < 3.4.0 | affected |

I. Basic Information for CVE-2026-50194

Vulnerability Information


Vulnerability Title
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
Source: NVD (National Vulnerability Database)
Vulnerability Description
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port (`Management:Endpoints:Port` is configured), the middleware responsible for restricting access to the endpoints uses the `Host` HTTP header rather than the actual network socket port. Versions 3.4.0 and 4.2.0 patch the issue. If an immediate upgrade to a patched version is not possible, add explicit ASP.NET Core authorization (`RequireAuthorization`) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation and/or configure the reverse proxy or load balancer to enforce the `Host` header value and prevent clients from setting an arbitrary port.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Authentication Bypass Using an Alternate Path or Channel
Source: NVD (National Vulnerability Database)
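
The description above says the access restriction trusted the `Host` header instead of the socket port. The following is an added example, not Steeltoe's code or the vendor's patch: an ASP.NET Core middleware that enforces the management port from the connection itself and logs mismatches. The port `9090`, the `/actuator` prefix and the `/actuator/ping` endpoint are assumed sample values.

```csharp
// Added example: compensating control, not Steeltoe's own middleware.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Assumptions (constructed sample values): the port set in
// Management:Endpoints:Port and the path prefix the actuators are served under.
const int ManagementPort = 9090;
var managementPath = new PathString("/actuator");

// Register this before the management endpoints are mapped so it runs first.
app.Use(async (context, next) =>
{
    if (context.Request.Path.StartsWithSegments(managementPath))
    {
        // Client-controlled: parsed from the Host header, so it proves nothing.
        int? claimedPort = context.Request.Host.Port;
        // Server-observed: local port of the socket that accepted the connection.
        int actualPort = context.Connection.LocalPort;

        if (actualPort != ManagementPort)
        {
            // A Host header naming the management port on a connection that arrived
            // on another port is the mismatch described in the advisory; log it.
            if (claimedPort == ManagementPort)
            {
                app.Logger.LogWarning(
                    "Management path {Path} requested on port {Actual} with Host port {Claimed} from {Remote}",
                    context.Request.Path, actualPort, claimedPort, context.Connection.RemoteIpAddress);
            }
            context.Response.StatusCode = StatusCodes.Status404NotFound;
            return;
        }
    }
    await next(context);
});

// Hypothetical stand-in for a management endpoint, used only to exercise the check.
app.MapGet("/actuator/ping", () => "ok");

app.Run();
```

`Connection.LocalPort` is the port the application server itself accepted the connection on, so behind a reverse proxy the check holds only when the proxy forwards application and management traffic to different backend ports.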

Affected Products

| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| SteeltoeOSS | Steeltoe.Management.Endpoint | < 4.2.0 | - |
| SteeltoeOSS | Steeltoe.Management.EndpointCore | >= 3.2.2, < 3.4.0 | - |

II. Public POCs for CVE-2026-50194

No public POC found.

III. Intelligence Information for CVE-2026-50194

Patches & Fixes for CVE-2026-50194 (2)

Vendor Advisories for CVE-2026-50194 (1)

Same Patch Batch · SteeltoeOSS · 2026-06-17 · 7 CVEs total

| CVE | CVSS | Title |
| --- | --- | --- |
| CVE-2026-50196 | 7.5 HIGH | Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch |
| CVE-2026-50200 | 7.5 HIGH | Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords |
| CVE-2026-50201 | 6.5 MEDIUM | Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission |
| CVE-2026-50202 | 5.9 MEDIUM | Steeltoe's static JWKS cache shared across schemes and never invalidated |
| CVE-2026-50267 | 4.7 MEDIUM | Steeltoe: TLS private keys written to /tmp with default permissions, never deleted |
| CVE-2026-50268 | 1.9 LOW | Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding |
