Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

RedhatCVE
RedhatCVEadded 2026/01/15 5:22 p.m.1 views

CVE-2026-22771

A flaw was found in Envoy Gateway. EnvoyExtensionPolicy Lua scripts, when executed by the Envoy proxy, can be exploited to leak the proxy's credentials. An attacker can then use these credentials to communicate with the control plane and gain unauthorized access to all secrets managed by the Envo...

8.8CVSS6.3AI score0.00005EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/01/13 6:47 p.m.9 views

Envoy Extension Policy lua scripts injection causes arbitrary command execution

Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the EnvoyExtensionPolicy resource. Administrators can use Kubernetes RBAC to grant users the ability to create EnvoyExtensionPolicy resources. Lua scripts in policies are executed in two contexts: An...

8.8CVSS8AI score0.00005EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder