Tag

Access-Control-Bypass

3 briefs RSS

Heimdall Proxy Forwarded Header Injection via Unsanitized Host Header

Attackers can exploit Heimdall proxy versions <= 0.17.16 operating in proxy mode by injecting malicious values into the `Host` HTTP header, leading to the construction of a manipulated `Forwarded` header that can spoof client IP addresses for upstream services, potentially bypassing IP-based access controls.

exploited Heimdall header-injection proxy access-control-bypass ip-spoofing vulnerability web

1r 1t 2d ago

high advisory

MCP Server Kubernetes Tool Access Control Bypass (CVE-2026-46519)

2 rules 2 TTPs

MCP Server Kubernetes versions before 3.6.0 have an access control bypass vulnerability (CVE-2026-46519) where tool access controls are enforced only at the discovery layer, allowing authenticated clients to invoke any Kubernetes tool regardless of configured restrictions, potentially leading to cluster compromise.

mcp-server-kubernetes access-control-bypass privilege-escalation kubernetes cloud

2r 2t May 21, 2026

high advisory

Salvo Web Framework Path Traversal Vulnerability

2 rules 1 TTP

Salvo web framework versions 0.39.0 through 0.89.2 are vulnerable to Path Traversal and Access Control Bypass, allowing unauthenticated external attackers to bypass proxy routing constraints and access unintended backend paths.

path-traversal access-control-bypass web-framework

2r 1t Mar 24, 2026