Lucene search
+L

1916 matches found

OSV
OSV
added 3 days ago4 views

CVE-2026-49445 Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...

9.2CVSS6.1AI score0.0017EPSS
Exploits0References8
NVD
NVD
added 3 days ago5 views

CVE-2026-12382

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS0.00338EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44739

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score0.00338EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-12382

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score0.00338EPSS
Exploits0References5
CVE
CVE
added 3 days ago10 views

CVE-2026-12382

The CVE-2026-12382 issue affects the AAP Gateway Envoy proxy. The non-mTLS route to EDA event streams fails to remove the Subject header despite requestHeadersToRemove, allowing an unauthenticated attacker to spoof a Subject header that matches a legitimate client certificate DN and bypass mTLS t...

8.2CVSS6.2AI score0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-12382 Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score0.00338EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-12382

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score0.00338EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:26 p.m.5 views

GO-2026-5905 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access in github.com/cilium/cilium

Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access in github.com/cilium/cilium...

9.2CVSS5.9AI score0.0017EPSS
Exploits0References2
Veracode
Veracode
added 2026/07/07 9:30 a.m.10 views

Improper Access Control

Cilium is vulnerable to improper access control. The vulnerability is due to the creation of a world-accessible Envoy admin socket when L7 functionality is enabled, which allows a local attacker to access Envoy administrative endpoints, potentially exposing sensitive information such as TLS...

9.2CVSS5.9AI score0.0017EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 5:3 p.m.11 views

Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.0017EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/07/06 5:3 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Envoy admin socket when L7 functionality is enabled. An attacker can access sensitive information or disrupt cluster operations by connecting to the world-accessible socket and invoking administrative...

9.2CVSS6AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 5:3 p.m.6 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.0017EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/07/02 7:16 p.m.8 views

CVE-2026-47692

A flaw was found in Envoy. The PROXY Protocol v2 header generator can emit data beyond the maximum allowed length, leading to a mismatch between the actual bytes sent and the length specified in the header. An attacker on an adjacent network could exploit this to smuggle bytes into upstream...

4.8CVSS5.6AI score0.00218EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 7:16 p.m.8 views

CVE-2026-47221

A flaw was found in Envoy. An unauthenticated attacker can exploit a null pointer dereference vulnerability in the router filter. This occurs when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests. By sending a POST, PUT, DELETE, or PATCH request without a body to...

7.5CVSS5.6AI score0.00445EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.9 views

CVE-2026-48743

A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...

7.5CVSS5.6AI score0.00298EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.7 views

CVE-2026-48044

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted, highly compressed zstd payload to an Envoy proxy with zstd decompression enabled. This can lead to massive memory allocation, causing severe memory...

7.5CVSS5.7AI score0.00486EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.9 views

CVE-2026-48042

A flaw was found in Envoy, an open-source edge and service proxy. A remote attacker could exploit this vulnerability by sending deeply nested JSON objects to the affected system. This could lead to a stack overflow during the destruction of JSON objects, resulting in a Denial of Service DoS for t...

7.5CVSS5.7AI score0.00557EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/07/02 5:17 p.m.11 views

CVE-2026-47204

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted Connect protocol request to a direct response route. This action causes the envoy.filters.http.grpcstats filter to crash, leading to a denial of servic...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/02 4:38 p.m.8 views

CVE-2026-48706

A flaw was found in Envoy, an open-source edge and service proxy. An attacker can exploit a heap write overflow vulnerability in Envoy's TCP StatsD sink by sending exceptionally long statistic names, such as those found in HTTP or gRPC request paths. This can lead to a denial-of-service, causing...

7.5CVSS5.9AI score0.0061EPSS
Exploits0References4
Rows per page
Query Builder