NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-42273

Summary	Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host that differs only in letter casing, potentially causing the request to be classified differently than intended. This issue has been patched in version 0.17.14.
Publication Date	May 8, 2026, 1:16 p.m.
Registration Date	May 9, 2026, 4:11 a.m.
Last Update	May 9, 2026, 1:03 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/dadrus/heimdall/commit/3d05e56a9e7ef0355f17482b4322054af4e85943	security-advisories@github.com
2	https://github.com/dadrus/heimdall/pull/3208	security-advisories@github.com
3	https://github.com/dadrus/heimdall/releases/tag/v0.17.14	security-advisories@github.com
4	https://github.com/dadrus/heimdall/security/advisories/GHSA-72h4-mxfc-jx37	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-436	解釈の競合	https://cwe.mitre.org/data/definitions/436.html
2	CWE-178	大文字と小文字の区別の不適切な処理	https://cwe.mitre.org/data/definitions/178.html