17 matches found
CVE-2026-6338
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
EUVD-2026-36246
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
CVE-2026-6338 HTTP request smuggling in Kong Enteprise Gateway
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
CVE-2026-6338
Kong Gateway Enterprise versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 are affected by a HTTP request smuggling and desynchronization vulnerability caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic. The issue can enable network‑level abus...
CVE-2026-6338 HTTP request smuggling in Kong Enteprise Gateway
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
Kong Gateway Enterprise 环境问题漏洞
Kong Gateway Enterprise is an enterprise-level API gateway platform developed by Kong Corporation. Versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 of Kong Gateway Enterprise contain environmental issues vulnerabilities. These vulnerabilities stem from defects in the HTTP request processing pipelin...
PT-2026-48667
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
EUVD-2021-14067
Malware in sbrugna...
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
Improper access control
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
CVE-2021-27306
CVE-2021-27306 involves Kong Gateway’s JWT plugin, where an improper access control flaw lets unauthenticated users reach authenticated routes without a valid JWT. The issue affects Kong Gateway versions before 2.3.2.0 and stems from insufficient authorization checks in the JWT plugin. Impact is ...
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
Kong Gateway 访问控制错误漏洞
Kong Gateway is an API gateway from the Italian company Kong. It provides an inter-network connector. An access control error vulnerability exists in the JWT plugin in Kong Gateway prior to 2.3.0.0, which allows an unauthenticated user to access authenticated routes without a valid token...
Kong Gateway Admin API Remote Code Execution
This module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin. Module Options msf use...
SSRF Vulnerability in Kong API Gateway Admin Rest API
Kong API Gateway is one of the most popular cloud-native API gateways, with two branches, open source and enterprise, which is widely used as API access middleware for cloud-native, microservice, and service-less cloud function scenarios, providing cloud-native applications with authentication,...