{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-50194/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-17T21:03:26.756Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-50194","@id":"https://www.cve.org/CVERecord?id=CVE-2026-50194","description":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port (`Management:Endpoints:Port` is configured), the middleware responsible for restricting access to the endpoints uses the `Host` HTTP header rather than the actual network socket port. Versions 3.4.0 and 4.2.0 patch the issue. If an immediate upgrade to a "},"products":[{"@id":"cpe:2.3:a:steeltoeoss:steeltoe.management.endpoint:\\<_4.2.0:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:steeltoeoss:steeltoe.management.endpoint:\\<_4.2.0:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:steeltoeoss:steeltoe.management.endpointcore:\\>\\=_3.2.2\\,_\\<_3.4.0:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:steeltoeoss:steeltoe.management.endpointcore:\\>\\=_3.2.2\\,_\\<_3.4.0:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-17T21:03:26.756Z"}]}