238 matches found
CVE-2026-48743
A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...
CVE-2026-48706
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...
CVE-2026-48044
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...
CVE-2026-47205 Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides...
CVE-2026-47692 Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in th...
EUVD-2026-39826
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...
CVE-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...
CVE-2026-47221
Envoy vulnerability CVE-2026-47221: the router filter has a null pointer dereference when handling internal redirects using HTTP 303 for body-less non-GET/HEAD requests. If a POST/PUT/DELETE/PATCH without a body targets a route with internal_redirect_policy including 303 and the upstream responds...
CVE-2026-47778
Envoy CVE-2026-47778 describes a TLS DNS SAN truncation flaw in DefaultCertValidator::verifySubjectAltName. Before 1.35.11, 1.36.7, 1.37.3, and 1.38.1, an embedded NUL in a dNSName SAN can be partially preserved by generalNameAsString but truncated when converted to a C-style string via .c_str(),...
PT-2026-52890
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.35.11; Envoy versions prior to 1.36.7; Envoy versions prior to 1.37.3; Envoy versions prior to 1.38.1. Description: An issue exists in the UDP DNS filter when configured with local or remote resolution for names exactly 25...
PT-2026-51818
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.35.11; Envoy versions prior to 1.36.7; Envoy versions prior to 1.37.3; Envoy versions prior to 1.38.1. Description: Envoy can translate a downstream HTTP/3 request that is complete at the transport layer but contains a...
CVE-2026-47774
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...
Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS
TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service (DoS) vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...
BIT-CONTOUR-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...
Envoy Proxy Injection Vulnerability
Envoy Proxy is an open-source cloud-native high-performance edge/intermediate/service proxy. Versions of Envoy Proxy prior to 1.33.0 have an injection vulnerability, which stems from a function in the Query Parameter Handler component’s file...
EUVD-2026-25280
Contour has Lua code injection via Cookie Path Rewrite Policy...
Contour has Lua code injection via Cookie Path Rewrite Policy
Impact: Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...
CVE-2026-41246
A flaw was found in Contour, a Kubernetes ingress controller. An attacker with Role-Based Access Control (RBAC) permissions to manage HTTPProxy resources can exploit a Lua code injection vulnerability within Contour's Cookie Rewriting feature. By crafting a malicious value in specific configuration...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the cookieRewritePolicies process. An attacker can execute arbitrary code within the Envoy proxy by crafting a malicious value in the pathRewrite.value field of HTTPProxy resources, potentially allowing acce...
CVE-2026-41246
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...