To mitigate this issue, users should upgrade to version 3.4.2.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this issue, users should upgrade to version 3.4.2. | |
| Title | Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller | |
| First Time appeared |
Amazon
Amazon aws-load-balancer-controller |
|
| Weaknesses | CWE-653 | |
| CPEs | cpe:2.3:a:amazon:aws-load-balancer-controller:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Amazon
Amazon aws-load-balancer-controller |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: AMZN
Published:
Updated: 2026-07-14T20:19:23.721Z
Reserved: 2026-07-14T14:02:30.277Z
Link: CVE-2026-15738
No data.
No data.
No data.
OpenCVE Enrichment
No data.