2 matches found
CVE-2026-26308 Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...
Validation Bypass
Fastify is vulnerable to validation bypass. The vulnerability is due to improper normalization and matching of the Content-Type header, allowing attackers to evade validation by altering casing or whitespace...