Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource.
To mitigate this issue, users should upgrade to version 3.4.2.
To mitigate this issue, users should upgrade to version 3.4.2.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 14 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this issue, users should upgrade to version 3.4.2. | |
| Title | Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller | |
| First Time appeared |
Amazon
Amazon aws-load-balancer-controller |
|
| Weaknesses | CWE-653 | |
| CPEs | cpe:2.3:a:amazon:aws-load-balancer-controller:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Amazon
Amazon aws-load-balancer-controller |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: AMZN
Published:
Updated: 2026-07-14T20:19:23.721Z
Reserved: 2026-07-14T14:02:30.277Z
Link: CVE-2026-15738
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses