CVE-2026-47692

Envoy vulnerability CVE-2026-47692: PROXY Protocol v2 header generator can emit TLVs beyond the maximum 65535-byte length, causing a mismatch between bytes written and the length field and potentially smuggling bytes upstream. Affected versions: 1.34.0 through 1.35.13, 1.36.9, 1.37.5, and 1.38.3....

PT-2022-19478 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.22.1 Description: The issue is related to a lifetime bug that can be triggered when Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers. If Envoy sends a local reply wh...