Summary: When Steeltoe management endpoints are configured to listen on an alternate port (Management:Endpoints:Port is configured), the middleware responsible for restricting access to the endpoints uses the Host HTTP h…
| Field | Value |
| --- | --- |
| CVE ID | CVE-2026-50194 |
| Vendor | nuget |
| Affected Product | Steeltoe.Management.Endpoint |
| Vulnerability Type | Vulnerability |
| CVSS Score | 8.2 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
When Steeltoe management endpoints are configured to listen on an alternate port (Management:Endpoints:Port is configured), the middleware responsible for restricting access to the endpoints uses the Host HTTP header rather than the actual network socket port.

Management:Endpoints:Port is configured to a value different from the application's main listener port.

Management:Endpoints:SslEnabled. For example, http when SslEnabled is false (the default), or https when SslEnabled is true.
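
The difference between the two port sources, as an added ASP.NET Core illustration (not Steeltoe's code and not taken from the advisory). The ports 8080 and 9090, the `/manage` prefix and the helper names are assumptions made for the example.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

const int ManagementPort = 9090;          // assumed management port
const string ManagementPath = "/manage";  // hypothetical path prefix

var builder = WebApplication.CreateBuilder(args);
// Assumed layout: application listener on 8080, management listener on 9090.
builder.WebHost.UseUrls("http://*:8080", "http://*:9090");
var app = builder.Build();

// Weak check, shown for contrast: Request.Host is parsed from the Host
// header, which is supplied by the client.
bool AllowedByHostHeader(HttpContext ctx) =>
    ctx.Request.Host.Port == ManagementPort;

// Hardened check: Connection.LocalPort is the port of the local socket that
// accepted the connection, so request headers cannot change it.
bool AllowedBySocket(HttpContext ctx) =>
    ctx.Connection.LocalPort == ManagementPort;

app.Use(async (context, next) =>
{
    if (context.Request.Path.StartsWithSegments(ManagementPath)
        && !AllowedBySocket(context))
    {
        if (AllowedByHostHeader(context))
        {
            // Header and socket disagree: record it as a detection signal.
            app.Logger.LogWarning(
                "Management path on socket port {SocketPort} with Host {Host}",
                context.Connection.LocalPort, context.Request.Host.Value);
        }
        context.Response.StatusCode = StatusCodes.Status404NotFound;
        return;
    }
    await next(context);
});

app.MapGet(ManagementPath + "/health", () => "UP");  // stand-in endpoint
app.MapGet("/", () => "app");
app.Run();
```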