<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Skipper (&lt;= V0.26.8) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/skipper--v0.26.8/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 08 Jul 2026 20:27:10 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/skipper--v0.26.8/feed.xml" rel="self" type="application/rss+xml"/><item><title>Zalando Skipper OPA Policy Bypass via Chunked Encoding</title><link>https://feed.craftedsignal.io/briefs/2026-07-skipper-opa-bypass/</link><pubDate>Wed, 08 Jul 2026 20:27:10 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-skipper-opa-bypass/</guid><description>A critical vulnerability in `zalando/skipper`'s OpenPolicyAgent integration, tracked as GHSA-659f-rgp5-w4wf, allows attackers to bypass `opaAuthorizeRequestWithBody` policies using HTTP/1.1 `Transfer-Encoding: chunked` or HTTP/2 requests lacking a `content-length` pseudo-header, leading to unauthorized access to upstream services with uninspected payloads.</description><content:encoded><![CDATA[<p>A significant vulnerability (GHSA-659f-rgp5-w4wf) has been identified in <code>zalando/skipper</code> versions <code>&lt;= v0.26.8</code> that allows threat actors to bypass security policies enforced by the <code>opaAuthorizeRequestWithBody</code> filter. This bypass occurs when HTTP/1.1 requests use <code>Transfer-Encoding: chunked</code> or HTTP/2 requests omit the <code>content-length</code> pseudo-header. Under these conditions, the <code>OpenPolicyAgentInstance.ExtractHttpBodyOptionally</code> helper in Skipper incorrectly produces an empty <code>raw_body</code> for OpenPolicyAgent (OPA) policies, even though the full, potentially malicious, body is forwarded to the upstream service. This means OPA policies designed to inspect and deny requests based on body content (e.g., for <code>admin=true</code> fields, content moderation, or schema validation) will evaluate against an empty document and typically default to allowing the request, effectively neutralizing a critical layer of defense. The vulnerability affects operators relying on Skipper to protect private upstream services using body-content checks.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Attacker identifies Skipper instance</strong>: An attacker identifies a <code>zalando/skipper</code> API Gateway instance protecting a backend service, configured with the <code>opaAuthorizeRequestWithBody</code> filter.</li>
<li><strong>Attacker crafts malicious HTTP request</strong>: The attacker prepares an HTTP POST request containing a payload intended to be blocked by an OPA policy (e.g., <code>{&quot;admin&quot;:true}</code> to gain administrative privileges).</li>
<li><strong>Applies bypass framing</strong>: The attacker sends the request using HTTP/1.1 with <code>Transfer-Encoding: chunked</code> headers or as an HTTP/2 request without a <code>Content-Length</code> pseudo-header.</li>
<li><strong>Skipper receives and parses request</strong>: The <code>zalando/skipper</code> instance receives the request. Due to the specific framing, Go's <code>net/http</code> parser sets <code>req.ContentLength = -1</code>.</li>
<li><strong>OPA body extraction fails</strong>: The <code>ExtractHttpBodyOptionally</code> function, which is supposed to buffer the body for OPA, checks <code>req.ContentLength &lt;= maxBodyBytes</code>. While <code>-1</code> passes this check, the subsequent <code>fillBuffer</code> loop's condition <code>int64(m.bodyBuffer.Len()) &lt; expectedSize</code> (<code>0 &lt; -1</code>) is immediately false, preventing any body data from being read. An empty <code>raw_body</code> is then passed to the OPA SDK.</li>
<li><strong>OPA policy grants unauthorized access</strong>: The OPA policy, expecting to evaluate <code>input.parsed_body</code> against the actual request body, instead receives an empty document. If the policy is designed to deny based on specific content (e.g., <code>input.parsed_body.admin == true</code>), it will default to &quot;allow&quot; because the condition is not met in the empty input.</li>
<li><strong>Skipper forwards full payload</strong>: Despite the OPA policy effectively being bypassed, Skipper proceeds to forward the <em>original, full, and uninspected malicious payload</em> (e.g., <code>{&quot;admin&quot;:true}</code>) to the backend upstream service.</li>
<li><strong>Upstream processes unauthorized request</strong>: The upstream service receives and processes the unauthorized request and payload, potentially leading to privilege escalation, data modification, or remote code execution, depending on the backend's vulnerabilities.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability allows for a complete bypass of critical security controls implemented via OpenPolicyAgent for body content inspection. Organizations using <code>zalando/skipper</code> with <code>opaAuthorizeRequestWithBody</code> policies to enforce granular authorization, content moderation, or schema validation for incoming requests are at risk. A successful exploitation enables unauthenticated attackers to send arbitrary payloads that OPA policies were explicitly designed to block, potentially leading to unauthorized data access, privilege escalation, command injection, or other severe compromises of protected backend services. There is no observed victim count or specific sector targeting mentioned, but any organization deploying Skipper as an API gateway is affected.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade <code>zalando/skipper</code> to a version that contains the fix for GHSA-659f-rgp5-w4wf immediately upon availability.</li>
<li>Review all OPA policies utilizing <code>input.parsed_body</code> with the <code>opaAuthorizeRequestWithBody</code> filter to understand their susceptibility to this bypass.</li>
<li>Deploy the Sigma rule below to detect attempts to use <code>Transfer-Encoding: chunked</code> in conjunction with body content that would typically be denied by OPA policies.</li>
<li>Ensure webserver logs or API gateway logs capture HTTP headers, specifically <code>Transfer-Encoding</code>, for POST requests to sensitive endpoints.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>api-gateway</category><category>security-bypass</category><category>opa</category><category>network</category></item></channel></rss>