Product
high
advisory
Steeltoe Host Header Bypass Vulnerability (CVE-2026-50194)
1 rule 2 TTPs 1 CVEAn unauthenticated remote attacker can bypass port isolation in Steeltoe applications configured with `Management:Endpoints:Port` by spoofing the Host HTTP header, allowing access to all actuator endpoints (CVE-2026-50194).
Steeltoe.Management.Endpoint <= 4.1.0 +1
vulnerability
web-exploitation
cve
dotnet
bypass
1r
2t
1c
high
advisory
Steeltoe Environment Actuator Vulnerability (CVE-2026-50200) Leaks Database Passwords
1 rule 1 TTP 1 CVEA high-severity vulnerability, CVE-2026-50200, in the Steeltoe `Sanitizer` component of the Environment actuator allows for the unintended disclosure of sensitive connection string values, including embedded plaintext credentials, when the `/actuator/env` endpoint is accessed, enabling direct database connection and bypassing application-tier security.
Steeltoe.Management.Endpoint <= 4.1.0 +1
credential-access
vulnerability
.net
steeltoe
webserver
actuator
1r
1t
1c