CVE-2026-42273

Summary

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host that differs only in letter casing, potentially causing the request to be classified differently than intended. This issue has been patched in version 0.17.14.

Affected Software

VendorProductVersion RangeStatus
dadrusheimdall< 0.17.14affected

Weaknesses

  • CWE-436: CWE-436: Interpretation Conflict
  • CWE-178: CWE-178: Improper Handling of Case Sensitivity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References