Gateway API Misconfiguration in Amazon AWS Load Balancer Controller
CVE-2026-15738
5.8MEDIUM
What is CVE-2026-15738?
The AWS Load Balancer Controller prior to version 3.4.2 exhibits improper behavior in the order of Gateway API listener-rule generation. This vulnerability could allow an authenticated remote user to execute malicious actions such as intercepting, spoofing, or denying access to gRPC traffic associated with another namespace on a shared Gateway. The risk arises when a crafted HTTPRoute resource is deployed, potentially compromising the integrity of network communications. Users are advised to update to version 3.4.2 to mitigate this issue.
Affected Version(s)
aws-load-balancer-controller 0 < 3.4.2
