CVE-2026-11752
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local files and environment variables on the xDS client host.
| Vendor | ly corporation |
| Product | armeria |
| Published | Jun 19, 2026 |
| Last Updated | Jun 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for ly corporation armeria
Be the first to know when new unknown vulnerabilities affecting ly corporation armeria are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
LY Corporation / Armeria
1.38.0 < 1.40.0