37 matches found
CVE-2026-26311
CVE-2026-26311 affects Envoy releases prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13. The issue is a logic vulnerability in the HTTP connection manager (FilterManager) where, after an HTTP/2 stream reset, the code may invoke filter callbacks on a stream that is already logically cleaned up, creatin...
CVE-2026-26310
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 address causes a crash. This utility is called in the data plane from the originalsrc filter and the dns filter. This vulnerability is fixe...
CVE-2026-26310 Crash for scoped ip address in Envoy during DNS
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 address causes a crash. This utility is called in the data plane from the originalsrc filter and the dns filter. This vulnerability is fixe...
EUVD-2026-10801
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...
CVE-2026-26309
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...
CVE-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...
EUVD-2026-10799
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...
PT-2026-24378
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.34.13; Envoy versions prior to 1.35.8; Envoy versions prior to 1.36.5; Envoy versions prior to 1.37.1 Description: Envoy is a high-performance edge/middle/service proxy. An off-by-one write in the...
PT-2026-24380
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.34.13; Envoy versions 1.35.0 through 1.35.7; Envoy versions 1.36.0 through 1.36.4; Envoy versions 1.37.0 Description: Envoy is a high-performance edge/middle/service proxy. A logic issue exists in Envoy’s HTTP connection...
Envoy resource management error vulnerability
Envoy is an open-source gateway program developed by Enphase for connecting smart home devices. Versions of Envoy prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a resource management vulnerability. This vulnerability stems from improper cleanup of internal state within the rate-limiting...
CVE-2026-27941
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pull_request_target event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...
CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pull_request_target event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...
EUVD-2026-8804
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pull_request_target event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...
PT-2026-22081
Name of the Vulnerable Software and Affected Versions: OpenLIT versions prior to 1.37.1 Description: OpenLIT, an open source AI engineering platform, has an issue in GitHub Actions workflows prior to version 1.37.1. These workflows use the pull request target event and execute untrusted code from...
OpenLIT security vulnerability
OpenLIT is an open-source language model development tool developed by OpenLIT. Versions of OpenLIT prior to 1.37.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of the pull_request_target event in GitHub Actions workflows, allowing for the execution of untrusted...
Microsoft Azure Monitor Agent < 1.37.1 RCE (CVE-2025-59504)
The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.37.1. It is, therefore, affected by a Heap-based buffer overflow vulnerability which potentially allows an unauthorized attacker to execute code locally. Note that Nessus has not tested for this issue but has...
CVE-2024-48909
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...
GHSA-3C32-4HQ9-6WGJ SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Impact: Clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of CONDITIONAL with context marked as missing, even when the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in sin...
CVE-2024-48909 SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...
PT-2024-33261 · Spicedb +1
Name of the Vulnerable Software and Affected Versions: SpiceDB versions 1.35.0 through 1.37.0 Description: SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Clients that have enabled LookupResources2 and have caveats in the evaluation path for...