CVE-2026-12382 Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing
A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...