3 matches found
CVE-2026-33434 Wazuh: Rate Limit Bypass via /events Endpoint
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 4.6.0 and above, prior to 4.14.5, a logic error in CheckRateLimitsMiddleware.dispatch causes the /events endpoint rate check to unconditionally overwrite the general rate limit result. When t...
CVE-2026-26330
CVE-2026-26330 affects Envoy prior to versions 1.37.1, 1.36.5, 1.35.8, and 1.34.13. The issue occurs in the rate limit filter when the response phase limit is enabled and the response phase limit request fails directly, causing a crash due to access to an inner state that is not cleaned up after ...
Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly
Summary At the rate limit filter, if we enabled the response phase limit with applyonstreamdone in the rate limit configuration and the response phase limit request fails directly, it may crash Envoy. Details When both the request phase limit and response phase limit are enabled, the safe gRPC...