CRITICAL · 9.2

CVE-2026-27208

Vulnerability Description

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a container escape and unauthorized infrastructure modifications. This is fixed in version 1.0.1 by implementing strict input sanitization and secure delimiters in entrypoint.sh, enforcing a non-root user (appuser) in the Dockerfile, and establishing mandatory security quality gates.

CVSS Score

9.2

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: LOW
Availability: HIGH

Affected Products

Vendor: Bleon-Ethical
Product: Api-Gateway-Deploy
Versions: 1.0.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2026-27208?

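CVE-2026-27208 is a vulnerability with a CVSS score of 9.2 (CRITICAL). bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a container escape and unauthorized infrastructure modifications.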

How severe is CVE-2026-27208?

CVE-2026-27208 has been rated CRITICAL with a CVSS base score of 9.2/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-27208?

According to the vulnerability description above, the issue is fixed in version 1.0.1. Check the references section above for vendor advisories and patch information. Affected products include: Bleon-Ethical Api-Gateway-Deploy.