Lucene search
K

6 matches found

OSV
OSV
added 2026/03/12 8:39 a.m.4 views

BIT-ENVOY-2026-26330 Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with applyonstreamdone in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...

7.5CVSS5.7AI score0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 7:19 p.m.31 views

CVE-2026-26330 Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with applyonstreamdone in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...

5.3CVSS0.00315EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 7:19 p.m.9 views

CVE-2026-26330 Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with applyonstreamdone in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...

5.3CVSS5.7AI score0.00315EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 6:31 p.m.8 views

EUVD-2026-10807

Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 6:31 p.m.1 views

GHSA-C23C-RP3M-VPG3 Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Summary At the rate limit filter, if we enabled the response phase limit with applyonstreamdone in the rate limit configuration and the response phase limit request fails directly, it may crash Envoy. Details When both the request phase limit and response phase limit are enabled, the safe gRPC...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/03/10 1:17 p.m.8 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: crossplane-function-go-templating-fips, crossplane-provider-aws-efs-fips, cert-manager, temporal-server, gomplate, k8s-metacollector-fips, docker-credential-ecr-login-fips, prometheus-mysqld-exporter, cluster-api-gcp-controller-fips, apache-exporter, bom,...

7.5CVSS7AI score0.00728EPSS
Exploits0
Rows per page
Query Builder