CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-50194

highCVSS 8.2covered by 1 sourcefirst seen 2026-07-02
Summary When Steeltoe management endpoints are configured to listen on an alternate port (Management:Endpoints:Port is configured), the middleware responsible for restricting access to the endpoints uses the Host HTTP header rather than the actual network socket port. Impact An unauthenticated remote attacker can reach every actuator endpoint using a specially crafted HTTP request. Affected configuration - The application's public port is accessible over from the network. - Management:Endpoints:Port is configured to a value different from the application's main listener port. - The request scheme matches Management:Endpoints:SslEnabled. For example, http when SslEnabled is false (the default), or https when SslEnabled is true. Mitigations If an immediate upgrade to a patched version is not possible: - Add explicit ASP.NET Core authorization (RequireAuthorization) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation. - Configure the reverse proxy or load balancer to enforce the Host header value and prevent clients from setting an arbitrary port.

⚡ Watch CVE-2026-50194

Get an email if CVE-2026-50194 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-50194

CVE.org record

Embed the live status

CVE-2026-50194 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-50194 status](https://www.csirts.com/badge/CVE-2026-50194)](https://www.csirts.com/cve/CVE-2026-50194)