2 matches found
CVE-2026-26205
CVE-2026-26205 affects the opa-envoy-plugin for Envoy (opa-envoy-plugun). Versions prior to 1.13.2-envoy-2 construct input.parsed_path by treating HTTP request paths as full URIs and interpreting leading segments with â//â as authorities, which drops those segments from the parsed path. This crea...
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...