Lucene search
K

238 matches found

RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-48743

A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...

7.5CVSS5.6AI score0.00298EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 6:17 p.m.8 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS0.0061EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 6:16 p.m.8 views

CVE-2026-48044

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS0.00486EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 6:1 p.m.35 views

CVE-2026-47205 Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

5.9CVSS0.00387EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 5:59 p.m.34 views

CVE-2026-47692 Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in th...

4.8CVSS0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 5:52 p.m.8 views

EUVD-2026-39826

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 5:38 p.m.35 views

CVE-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS0.0061EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 5:35 p.m.18 views

CVE-2026-47221

Envoy vulnerability CVE-2026-47221: the router filter has a null pointer dereference when handling internal redirects using HTTP 303 for body-less non-GET/HEAD requests. If a POST/PUT/DELETE/PATCH without a body targets a route with internal_redirect_policy including 303 and the upstream responds...

7.5CVSS6AI score0.00445EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/26 5:27 p.m.18 views

CVE-2026-47778

Envoy CVE-2026-47778 describes a TLS DNS SAN truncation flaw in DefaultCertValidator::verifySubjectAltName. Before 1.35.11, 1.36.7, 1.37.3, and 1.38.1, an embedded NUL in a dNSName SAN can be partially preserved by generalNameAsString but truncated when converted to a C-style string via .c_str(),...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52890

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description An issue exists in the UDP DNS filter when configured with local or remote resolution for names exactly 25...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51818

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description Envoy can translate a downstream HTTP/3 request that is complete at the transport layer but contains a...

7.5CVSS5.7AI score0.00298EPSS
Exploits1References20
NVD
NVD
added 2026/06/17 6:18 p.m.19 views

CVE-2026-47774

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS0.00708EPSS
Exploits0References10
Imperva Blog
Imperva Blog
added 2026/06/04 3:43 p.m.12 views

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

7.5CVSS5.6AI score0.11471EPSS
Exploits7
OSV
OSV
added 2026/04/25 8:36 a.m.5 views

BIT-CONTOUR-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...

8.1CVSS6.4AI score0.00481EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/25 12:0 a.m.8 views

Envoy Proxy 注入漏洞

Envoy Proxy is an open-source cloud-native high-performance edge/intermediate/service proxy. Versions of Envoy Proxy prior to 1.33.0 have a injection vulnerability, which stems from a function in the Query Parameter Handler component’s file...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 3:19 p.m.12 views

EUVD-2026-25280

Contour has Lua code injection via Cookie Path Rewrite Policy...

8.1CVSS5.3AI score0.00481EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/24 3:19 p.m.14 views

Contour has Lua code injection via Cookie Path Rewrite Policy

Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

8.1CVSS6.3AI score0.00481EPSS
Exploits0References11Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/24 1:15 p.m.8 views

CVE-2026-41246

A flaw was found in Contour, a Kubernetes ingress controller. An attacker with Role-Based Access Control RBAC permissions to manage HTTPProxy resources can exploit a Lua code injection vulnerability within Contour's Cookie Rewriting feature. By crafting a malicious value in specific configuration...

8.1CVSS6.3AI score0.00481EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/24 2:31 a.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the cookieRewritePolicies process. An attacker can execute arbitrary code within the Envoy proxy by crafting a malicious value in the pathRewrite.value field of HTTPProxy resources, potentially allowing acce...

8.1CVSS6AI score0.00481EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 7:17 p.m.10 views

CVE-2026-41246

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...

8.1CVSS0.00481EPSS
Exploits0References7
Rows per page
Query Builder