Lucene search
K

1868 matches found

Veracode
Veracode
added last week8 views

Improper Access Control

Cilium is vulnerable to improper access control. The vulnerability is due to the creation of a world-accessible Envoy admin socket when L7 functionality is enabled, which allows a local attacker to access Envoy administrative endpoints, potentially exposing sensitive information such as TLS...

5.9AI score0.00017EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 5:3 p.m.4 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/02 7:16 p.m.6 views

CVE-2026-47692

A flaw was found in Envoy. The PROXY Protocol v2 header generator can emit data beyond the maximum allowed length, leading to a mismatch between the actual bytes sent and the length specified in the header. An attacker on an adjacent network could exploit this to smuggle bytes into upstream...

4.8CVSS5.6AI score0.00218EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 7:16 p.m.6 views

CVE-2026-47221

A flaw was found in Envoy. An unauthenticated attacker can exploit a null pointer dereference vulnerability in the router filter. This occurs when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests. By sending a POST, PUT, DELETE, or PATCH request without a body to...

7.5CVSS5.6AI score0.00445EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.7 views

CVE-2026-48743

A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...

7.5CVSS5.6AI score0.00298EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.6 views

CVE-2026-48044

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted, highly compressed zstd payload to an Envoy proxy with zstd decompression enabled. This can lead to massive memory allocation, causing severe memory...

7.5CVSS5.7AI score0.00486EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.7 views

CVE-2026-48042

A flaw was found in Envoy, an open-source edge and service proxy. A remote attacker could exploit this vulnerability by sending deeply nested JSON objects to the affected system. This could lead to a stack overflow during the destruction of JSON objects, resulting in a Denial of Service DoS for t...

7.5CVSS5.7AI score0.00557EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/07/02 5:17 p.m.9 views

CVE-2026-47204

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted Connect protocol request to a direct response route. This action causes the envoy.filters.http.grpcstats filter to crash, leading to a denial of servic...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 4:38 p.m.6 views

CVE-2026-48706

A flaw was found in Envoy, an open-source edge and service proxy. An attacker can exploit a heap write overflow vulnerability in Envoy's TCP StatsD sink by sending exceptionally long statistic names, such as those found in HTTP or gRPC request paths. This can lead to a denial-of-service, causing...

7.5CVSS5.9AI score0.0061EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-48743 Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer HEADERS with FIN / headers-only close but still carries a nonzero...

7.5CVSS5.7AI score0.00298EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 11:39 p.m.7 views

BIT-ENVOY-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

5.9CVSS6.2AI score0.00579EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-ENVOY-2026-48042 Envoy: Stack overflow in destructor of highly nested JSON

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O100K nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...

7.5CVSS5.8AI score0.00557EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-47778 Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass)

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .cstr before bei...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-ENVOY-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.8AI score0.00219EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-ENVOY-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 5:40 a.m.4 views

BIT-ENVOY-2026-47692 Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in th...

4.8CVSS5.8AI score0.00218EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:40 a.m.5 views

BIT-ENVOY-2026-47221 Envoy: Null pointer deref in internal redirects

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests...

7.5CVSS6AI score0.00445EPSS
Exploits1References2
Rows per page
Query Builder