3 matches found
CVE-2026-32811 Heimdall: Path received via Envoy gRPC corrupted when containing query string
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...
GHSA-R8X2-FHMF-6MXP Heimdall: Path received via Envoy gRPC corrupted when containing query string
Summary When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. The HTTP based decision API is NOT affected, and proxy mode is NOT affected either. Note: The issue can only lead to unintended acces...
PT-2026-26091
Name of the Vulnerable Software and Affected Versions Heimdall versions 0.7.0-alpha through 0.17.10 Description Heimdall, a cloud native Identity Aware Proxy and Access Control Decision service, contains an issue where incorrect encoding of the query URL string can allow bypass of rules with...