PatchSiren

zalando CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH zalando CVE published 2026-07-17

CVE-2026-50197

CVE-2026-50197 is a vulnerability in Skipper, an HTTP router and reverse proxy for service composition. The vulnerability allows an attacker to send a full, attacker-controlled body to the upstream service due to the OpenPolicyAgent integration silently bypassing request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header. This issue is fix [truncated]