CVE-2026-26308
Envoy CVE-2026-26308 affects the Envoy RBAC filter. The issue arises from how multiple HTTP header values are validated: instead of validating each value separately, Envoy concatenates all values into a single comma-separated string, allowing bypass of Deny rules under RBAC. Affects versions prio...