CNNVD-202511-726 Information
CNNVD ID
CNNVD-202511-726
Related CVE
- CNNVD Published: 2025-11-07
Description (Chinese)
kgateway是kgateway-dev开源的一个云原生API网关和人工智能网关。 kgateway 2.0.4及之前版本和2.1.0-agw-cel-rbac至2.1.0-rc.2版本存在安全漏洞,该漏洞源于缺乏身份验证,可能导致未经授权的客户端获取敏感配置数据。
Description (English)
kgateway is a cloud-based API gateway and artificial intelligence gateway. There is a security loophole in the kgateway 2.0.4 and previous versions and 2.1.0-agw-cel-rbac to 2.1.0-rc.2, which stems from a lack of identification and may lead to unauthorized client access to sensitive configuration data.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
kgateway-dev
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/kgateway-dev/kgateway/issues/10651 https://github.com/kgateway-dev/kgateway/pull/12471 https://github.com/kgateway-dev/kgateway/pull/12535 https://github.com/kgateway-dev/kgateway/security/advisories/GHSA-4766-x535-jw3r https://access.redhat.com/security/cve/cve-2025-64323
Patch
https://github.com/kgateway-dev/kgateway/releases
Share on: