Contour has Lua code injection via Cookie Path Rewrite Policy

Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the cookieRewritePolicies process. An attacker can execute arbitrary code within the Envoy proxy by crafting a malicious value in the pathRewrite.value field of HTTPProxy resources, potentially allowing acce...

CVE-2026-41246

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...

CVE-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...

PT-2026-34726

Name of the Vulnerable Software and Affected Versions Contour versions 1.19.0 through 1.31.5 Contour versions 1.32.0 through 1.32.4 Contour versions 1.33.0 through 1.33.3 Description The Cookie Rewriting feature is susceptible to Lua code injection. An attacker with RBAC permissions to create or...

UBUNTU-CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

CLSA-2026-1776682775 libsoup: Fix of CVE-2026-5119

CVE-2026-5119: fix cleartext transmission of cookies to HTTP proxy in tunnelconnect CONNECT request for HTTPS targets...

BIT-LIBPYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

GHSA-GWHP-PF74-VJ37 Fastify's connection header abuse enables stripping of proxy-added headers

Summary @fastify/reply-from and @fastify/http-proxy process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers like access control or identification headers from upstream requests by...

Fastify's connection header abuse enables stripping of proxy-added headers

Summary @fastify/reply-from and @fastify/http-proxy process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers like access control or identification headers from upstream requests by...

CVE-2026-33805

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...

CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...

CVE-2026-33805

CVE-2026-33805 affects @fastify/reply-from <= v12.6.1 and @fastify/http-proxy

PT-2026-33038

Name of the Vulnerable Software and Affected Versions @fastify/reply-from versions prior to 12.6.2 @fastify/http-proxy versions prior to 11.4.4 Description An issue exists where the client's Connection header is processed after the proxy has added its own headers via rewriteRequestHeaders. This...

Amazon Linux 2 : libvncserver, --advisory ALAS2-2026-3247 (ALAS-2026-3247)

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3247 advisory. LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in th...

FreeBSD : Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF (30bda1c3-369b-11f1-b51c-6dd25bec137b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 30bda1c3-369b-11f1-b51c-6dd25bec137b advisory. Seth Larson reports: HTTP proxy via CONNECT tunneling doesn't sanitize CR/LF CVE-2026-1502. Tenable has...

CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...