CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: tigera-operator-fips, zarf, linkerd2, cloudbeat-fips, ctop, kots, docker-compose-fips, kubescape-operator, rancher-agent, docker-fips, amazon-ecs-agent, eks-node-monitoring-agent-fips, kubescape-server, gitlab-rails-ce, grype-db, skaffold, gitlab-rails-ce-fips,...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: pgwatch, seaweedfs, ory-kratos, dapr-fips, temporal-fips, gitness, spqr, openbao, ldap2pg, bento-fips, cloudnative-pg-fips, falcosidekick, grafana-fips, openfga-fips, sftpgo-plugin-eventstore, chainloop-control-plane-fips, sqlexporter, chainloop-control-plane,...
CVE-2026-33816 vulnerabilities
Vulnerabilities for packages: kots, spire-server, envoy-gateway-fips, commercial-expanso-edge, commercial-chainloop-backend, kine, envoy-gateway, k3s...
GHSA-9JJ7-4M8R-RFCM vulnerabilities
Vulnerabilities for packages: kots, spire-server, envoy-gateway-fips, commercial-expanso-edge, commercial-chainloop-backend, kine, envoy-gateway, k3s...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: flux-source-controller, kubescape, k9s, trivy, tigera-operator-fips, helm-set-status, pluto-fips, helm-exporter-fips, trivy-operator, zarf, cluster-api-helm-controller-fips, helm-operator, linkerd2, kube-arangodb, k9s-fips, rancher-fleet, consul-k8s, cloudbeat-fips,...
CVE-2026-33540 vulnerabilities
Vulnerabilities for packages: zot, portieris, envoy-gateway, gitness, kots...
GHSA-F2G3-HH2R-CWGC vulnerabilities
Vulnerabilities for packages: zot, portieris, envoy-gateway, gitness, kots...
GHSA-3P65-76G6-3W7R vulnerabilities
Vulnerabilities for packages: zot, portieris, envoy-gateway, gitness, kots...
CVE-2026-35172 vulnerabilities
Vulnerabilities for packages: zot, portieris, envoy-gateway, gitness, kots...
CVE-2026-33540 vulnerabilities
Vulnerabilities for packages: kots, portieris, envoy-gateway-fips, portieris-fips, zot, gitness, envoy-gateway...
GHSA-3P65-76G6-3W7R vulnerabilities
Vulnerabilities for packages: kots, portieris, envoy-gateway-fips, portieris-fips, zot, gitness, envoy-gateway...
CVE-2026-35172 vulnerabilities
Vulnerabilities for packages: kots, portieris, envoy-gateway-fips, portieris-fips, zot, gitness, envoy-gateway...
GHSA-F2G3-HH2R-CWGC vulnerabilities
Vulnerabilities for packages: kots, portieris, envoy-gateway-fips, portieris-fips, zot, gitness, envoy-gateway...
SUSE CVE-2026-22771
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...
CVE-2026-22771
A flaw was found in Envoy Gateway. EnvoyExtensionPolicy Lua scripts, when executed by the Envoy proxy, can be exploited to leak the proxy's credentials. An attacker can then use these credentials to communicate with the control plane and gain unauthorized access to all secrets managed by the Envo...
BIT-ENVOY-GATEWAY-2026-22771 Envoy Extension Policy lua scripts injection causes arbitrary command execution
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...
EUVD-2026-2007
Envoy Extension Policy lua scripts injection causes arbitrary command execution...
CVE-2026-22771
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...
CVE-2026-22771 Envoy Extension Policy lua scripts injection causes arbitrary command execution
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...
CVE-2026-22771
Summary: CVE-2026-22771 affects Envoy Gateway. Prior to versions 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by the Envoy proxy can leak credentials (e.g., TLS private keys and other secrets) used by the proxy, enabling access to control-plane secrets. The issue is described across...