Lucene search
K

170 matches found

Wolfi
Wolfi
added 2026/02/25 1:48 a.m.8 views

CVE-2026-26205 vulnerabilities

Vulnerabilities for packages: opa-envoy...

7.1CVSS5.3AI score0.0038EPSS
Exploits0
Chainguard
Chainguard
added 2026/02/25 1:17 a.m.8 views

CVE-2026-26205 vulnerabilities

Vulnerabilities for packages: opa-envoy, opa-fips-envoy...

7.1CVSS6.1AI score0.0038EPSS
Exploits0
Chainguard
Chainguard
added 2026/02/25 1:17 a.m.11 views

GHSA-9F29-V6MM-PW6W vulnerabilities

Vulnerabilities for packages: opa-envoy, opa-fips-envoy...

6.1AI score
Exploits0
OSV
OSV
added 2026/02/23 6:23 p.m.4 views

GO-2026-4506 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsedpath in github.com/open-policy-agent/opa-envoy-plugin...

7.1CVSS5.3AI score0.0038EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.10 views

CVE-2026-26205

opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

7.1CVSS5.7AI score0.0038EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 8:25 p.m.8 views

CVE-2026-26205

opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

7.1CVSS0.0038EPSS
Exploits0References3
OSV
OSV
added 2026/02/19 7:31 p.m.6 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

7.1CVSS5.7AI score0.0038EPSS
Exploits0References5
CVE
CVE
added 2026/02/19 7:31 p.m.22 views

CVE-2026-26205

CVE-2026-26205 affects the opa-envoy-plugin for Envoy (opa-envoy-plugun). Versions prior to 1.13.2-envoy-2 construct input.parsed_path by treating HTTP request paths as full URIs and interpreting leading segments with ‘//’ as authorities, which drops those segments from the parsed path. This crea...

7.1CVSS5.7AI score0.0038EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 7:31 p.m.6 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

7.1CVSS5.7AI score0.0038EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 7:31 p.m.30 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

7.1CVSS0.0038EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

opa-envoy-plugin 安全漏洞

opa-envoy-plugin is a plugin developed by Open Policy Agent. Versions of opa-envoy-plugin prior to 1.13.2-envoy-2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the way the input.parsedpath field was constructed, which could lead to mismatches in path...

7.1CVSS5.8AI score0.0038EPSS
Exploits0References3
OSV
OSV
added 2026/02/18 3:25 p.m.4 views

GHSA-9F29-V6MM-PW6W opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...

7.1CVSS5.5AI score0.0038EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/18 3:25 p.m.8 views

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...

7.1CVSS5.5AI score0.0038EPSS
Exploits0References5Affected Software1
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.26 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard, kubeflow, ghaudit, crossplane-provider-aws-ec2, postgres-operator, terraform-provider-azapi, govulncheck, cilium-certgen, thanos, telegraf, kargo, kyverno-policy-reporter-kyverno-plugin, grpcurl, cis-operator, rootlesskit, src, smokescreen,...

10CVSS6.8AI score0.00765EPSS
Exploits1
OSV
OSV
added 2026/01/26 8:16 p.m.4 views

AZL-75473 CVE-2025-11065 affecting package opa 0.63.0-2

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.3AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 8:16 p.m.6 views

AZL-75545 CVE-2025-11065 affecting package opa for versions less than 0.63.0-6

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.6AI score0.00357EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: opa (CVE-2025-46569)

The version of opa installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-46569 advisory. - Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a...

7.4CVSS5.8AI score0.0036EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.4 views

CVE-2022-23628

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

6.3CVSS6.7AI score0.0103EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert IB/isert: Fix incorrect release of isert connection Commit: 699826f4e30a IB/isert: Fix incorrect release of isert connection is causing problems on OPA...

6AI score0.00195EPSS
Exploits0References2
OSV
OSV
added 2025/12/30 1:16 p.m.2 views

UBUNTU-CVE-2023-54219

In the Linux kernel, the following vulnerability has been resolved: Revert "IB/isert: Fix incorrect release of isert connection" Commit: 699826f4e30a "IB/isert: Fix incorrect release of isert connection" is causing problems on OPA when DEVICEREMOVAL is happening. ------------ cut here -----------...

5.7AI score0.00195EPSS
Exploits0References12
Rows per page
Query Builder