CVE-2026-42273
CWE-178Published: May 8, 2026· Updated: May 8, 2026
Official Description
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host that differs only in letter casing, potentially causing the request to be classified differently than intended. This issue has been patched in version 0.17.14.
Technical Analysis
CVE-2026-42273 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (4)
Quick Facts
Related CVEs (CWE-178)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-42273 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts