17 matches found

NVD
added 2026/06/11 2:16 p.m. | 15 views

CVE-2026-6338

An HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

CVSS 7 | EPSS 0.00253
Exploits 0 | References 1

EUVD
added 2026/06/11 1:47 p.m. | 10 views

EUVD-2026-36246

An HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

CVSS 7 | AI score 5.5 | EPSS 0.00253
Exploits 0 | References 1

Vulnrichment
added 2026/06/11 1:47 p.m. | 9 views

CVE-2026-6338 HTTP request smuggling in Kong Enterprise Gateway

An HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

CVSS 7 | AI score 5.5 | EPSS 0.00253
Exploits 0 | References 1

CVE
added 2026/06/11 1:47 p.m. | 25 views

CVE-2026-6338

Kong Gateway Enterprise versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 are affected by an HTTP request smuggling and desynchronization vulnerability caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic. The issue can enable network‑level abus...

CVSS 7 | AI score 5.5 | EPSS 0.00253
Exploits 0 | References 1

Cvelist
added 2026/06/11 1:47 p.m. | 27 views

CVE-2026-6338 HTTP request smuggling in Kong Enterprise Gateway

An HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

CVSS 7 | EPSS 0.00253
Exploits 0 | References 1

CNNVD
added 2026/06/11 12:0 a.m. | 14 views

Kong Gateway Enterprise environment issue vulnerability

Kong Gateway Enterprise is an enterprise-level API gateway platform developed by Kong Corporation. Versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 of Kong Gateway Enterprise contain environmental issues vulnerabilities. These vulnerabilities stem from defects in the HTTP request processing pipelin...

CVSS 7 | AI score 5.5 | EPSS 0.00253
Exploits 0 | References 1

Positive Technologies
added 2026/06/11 12:0 a.m. | 19 views

PT-2026-48667

An HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

CVSS 7 | AI score 5.5 | EPSS 0.00253
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-14067

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01789
Exploits 0 | References 4

RedhatCVE
added 2025/05/22 7:31 p.m. | 18 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 7.5 | AI score 6.8 | EPSS 0.01789
Exploits 0 | References 1

NVD
added 2021/03/18 3:15 p.m. | 10 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 7.5 | EPSS 0.01789
Exploits 0 | References 2

OSV
added 2021/03/18 3:15 p.m. | 5 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 7.5 | AI score 7.1 | EPSS 0.01789
Exploits 0 | References 2

Prion
added 2021/03/18 3:15 p.m. | 16 views

Improper access control

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

CVSS 4.3 | AI score 7.4 | EPSS 0.01789
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/03/18 2:2 p.m. | 25 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

AI score 7.6 | EPSS 0.01789
Exploits 0 | References 2

CVE
added 2021/03/18 2:2 p.m. | 64 views

CVE-2021-27306

CVE-2021-27306 involves Kong Gateway’s JWT plugin, where an improper access control flaw lets unauthenticated users reach authenticated routes without a valid JWT. The issue affects Kong Gateway versions before 2.3.2.0 and stems from insufficient authorization checks in the JWT plugin. Impact is ...

CVSS 7.5 | AI score 7.4 | EPSS 0.01789
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2021/03/18 12:0 a.m. | 4 views

Kong Gateway access control error vulnerability

Kong Gateway is an API gateway from the Italian company Kong. It provides an inter-network connector. An access control error vulnerability exists in the JWT plugin in Kong Gateway prior to 2.3.0.0, which allows an unauthenticated user to access authenticated routes without a valid token...

CVSS 7.5 | AI score 7.4 | EPSS 0.01789
Exploits 0 | References 3

Metasploit
added 2020/12/03 5:41 p.m. | 24 views

Kong Gateway Admin API Remote Code Execution

This module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin. Module Options msf use...

AI score 7.5
Exploits 0

CNVD
added 2020/04/15 12:0 a.m. | 2 views

SSRF Vulnerability in Kong API Gateway Admin Rest API

Kong API Gateway is one of the most popular cloud-native API gateways, with two branches, open source and enterprise, which is widely used as API access middleware for cloud-native, microservice, and service-less cloud function scenarios, providing cloud-native applications with authentication,...

AI score 6.9
Exploits 0