Home

CVE-2026-25534

Description

### ImpactSpinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) through the use of carefully crafted URLs. Note, Spinnaker found this not just in that CVE, but in the existing URL validations in Orca fromUrl expression handling. This CVE impacts BOTH artifacts as a result. ### PatchesThis has been merged and will be available in versions 2025.4.1, 2025.3.1, 2025.2.4 and 2026.0.0. ### WorkaroundsYou can disable the various artifacts on this system to work around these limits.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
EPSS Score
Exploitation Probability
0.046

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - clouddriver-artifacts 2025.2.4Windows
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - clouddriver-artifacts 2025.3.1Windows
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - clouddriver-artifacts 2025.4.1Windows
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - orca-core 2025.2.4Windows
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - orca-core 2025.3.1Windows
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - orca-core 2025.4.1Windows
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - clouddriver-artifacts for Linux 2025.2.4Linux
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - clouddriver-artifacts for Linux 2025.3.1Linux
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - clouddriver-artifacts for Linux 2025.4.1Linux
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - orca-core for Linux 2025.2.4Linux
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - orca-core for Linux 2025.3.1Linux
Vulnerabilities CVE-2026-25534 are fixed in Spinnaker - orca-core for Linux 2025.4.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234