Vulnerability in Zalando Skipper

CVE-2026-50197

Skipper is an HTTP router and reverse proxy for service composition. Prior to 0.26.10, zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that…

Vulnerability class: HTTP Request Smuggling

Affected products

Weakness classification (CWE)

References