Vendor
Steeltoe Host Header Bypass Vulnerability (CVE-2026-50194)
1 rule 2 TTPs 1 CVEAn unauthenticated remote attacker can bypass port isolation in Steeltoe applications configured with `Management:Endpoints:Port` by spoofing the Host HTTP header, allowing access to all actuator endpoints (CVE-2026-50194).
Steeltoe.Discovery.Eureka Deserialization Denial-of-Service (CVE-2026-50196)
1 CVEThe Steeltoe.Discovery.Eureka client contains a vulnerability (CVE-2026-50196) where its `DataCenterInfo.FromJson` method throws an `ArgumentException` if a `DataCenterInfo.name` value other than 'MyOwn' or 'Amazon' is encountered, specifically missing the valid 'Netflix' value from the Java Eureka specification, which causes the local service registry to become permanently empty or stale, leading to a complete service discovery outage for all connected Steeltoe Eureka clients.
Steeltoe Environment Actuator Vulnerability (CVE-2026-50200) Leaks Database Passwords
1 rule 1 TTP 1 CVEA high-severity vulnerability, CVE-2026-50200, in the Steeltoe `Sanitizer` component of the Environment actuator allows for the unintended disclosure of sensitive connection string values, including embedded plaintext credentials, when the `/actuator/env` endpoint is accessed, enabling direct database connection and bypassing application-tier security.