60 matches found
CVE-2026-47262 vulnerabilities
Vulnerabilities for packages: trivy, kgateway, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, kube-arangodb, scorecard, kots, trivy-fips, newrelic-infrastructure-agent-fips, docker-compose-fips,...
PT-2026-46945
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.35.11. Description: An issue exists in the Envoy gateway related to HTTP/2, which can be exploited to cause a denial of service, potentially bringing down an Envoy node. There have been reports of elevated activities...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: trivy, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, osv-scanner, kube-arangodb, scorecard, kots, k8ssandra-client, trivy-fips, newrelic-infrastructure-agent-fips,...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: pgtimetable, gitness, cerbos, pgwatch, spire-server-fips, certificate-transparency-fips, dapr, hydra, amass, ferretdb, sftpgo, step-ca, falcosidekick, rke2-runtime, bento, telegraf, peerdb-flow, ldap2pg, azure-service-operator, ory-kratos-fips, jitsucom-bulker,...
CVE-2026-33816 vulnerabilities
Vulnerabilities for packages: envoy-gateway-fips, kine, envoy-gateway, spire-server, k3s, kots, commercial-expanso-edge, commercial-chainloop-backend...
GHSA-9JJ7-4M8R-RFCM vulnerabilities
Vulnerabilities for packages: envoy-gateway-fips, kine, envoy-gateway, spire-server, k3s, kots, commercial-expanso-edge, commercial-chainloop-backend...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: flux-fips, cluster-api-helm-controller-fips, cert-manager-cmctl-fips, trivy, cerbos, cloudbeat-fips, envoy-gateway, harbor, helm-docs, chaos-mesh, istio, tigera-operator, jfrog-cli, cluster-api-helm-controller, helm-operator-fips, helm-diff-fips, consul-k8s,...
CVE-2026-35172 vulnerabilities
Vulnerabilities for packages: kots, zot, gitness, envoy-gateway, portieris...
GHSA-F2G3-HH2R-CWGC vulnerabilities
Vulnerabilities for packages: kots, zot, gitness, envoy-gateway, portieris...
CVE-2026-33540 vulnerabilities
Vulnerabilities for packages: kots, zot, gitness, envoy-gateway, portieris...
GHSA-3P65-76G6-3W7R vulnerabilities
Vulnerabilities for packages: kots, zot, gitness, envoy-gateway, portieris...
GHSA-3P65-76G6-3W7R vulnerabilities
Vulnerabilities for packages: envoy-gateway-fips, gitness, envoy-gateway, portieris, zot, portieris-fips, kots...
CVE-2026-35172 vulnerabilities
Vulnerabilities for packages: envoy-gateway-fips, gitness, envoy-gateway, portieris, zot, portieris-fips, kots...
GHSA-F2G3-HH2R-CWGC vulnerabilities
Vulnerabilities for packages: envoy-gateway-fips, gitness, envoy-gateway, portieris, zot, portieris-fips, kots...
CVE-2026-33540 vulnerabilities
Vulnerabilities for packages: envoy-gateway-fips, gitness, envoy-gateway, portieris, zot, portieris-fips, kots...
SUSE CVE-2026-22771
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...
CVE-2026-22771
A flaw was found in Envoy Gateway. EnvoyExtensionPolicy Lua scripts, when executed by the Envoy proxy, can be exploited to leak the proxy's credentials. An attacker can then use these credentials to communicate with the control plane and gain unauthorized access to all secrets managed by the Envo...
BIT-ENVOY-GATEWAY-2026-22771 Envoy Extension Policy lua scripts injection causes arbitrary command execution
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...
EUVD-2026-2007
Envoy Extension Policy lua scripts injection causes arbitrary command execution...
CVE-2026-22771
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...