CVE-2026-41999

Incorrect Behaviour of Views with TCP PROXY Requests...

CVE-2026-41999

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-41999 Incorrect Behaviour of Views with TCP PROXY Requests

Incorrect Behaviour of Views with TCP PROXY Requests...

EUVD-2026-31262

Incorrect Behaviour of Views with TCP PROXY Requests...

GHSA-RJ35-4M94-77JH Envoy forwards early CONNECT data in TCP proxy mode

Summary Forwarding of early CONNECT data in TCP proxy mode. Details Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...

Envoy forwards early CONNECT data in TCP proxy mode

Summary Forwarding of early CONNECT data in TCP proxy mode. Details Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...

CVE-2025-64763

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

CVE-2025-64763

Envoy CVE-2025-64763 relates to a de-synchronization risk in TCP proxy mode where Envoy may accept client data for CONNECT requests before sending a 2xx response, and then forward that data to the upstream connection. If the upstream proxy returns a non‑2xx status, the CONNECT tunnel state can be...

CVE-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

CVE-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

Envoy 安全漏洞

Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2, and prior versions, which stems from a state desynchronization issue when processing CONNECT requests in TCP proxy mode...

EUVD-2020-23142

Malware in sbrugna...

EUVD-2019-10244

Malware in sbrugna...

EUVD-2013-5845

Malware in sbrugna...

EUVD-2022-25996

Malicious code in bioql PyPI...

UBUNTU-CVE-2021-47152

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to...

BIT-ENVOY-2020-35470

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter not HTTP filters...

GHSA-2XHQ-GV6C-P224 Etcd Gateway can include itself as an endpoint resulting in resource exhaustion

Vulnerability type Denial of Service Detail The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesti...

Etcd Gateway can include itself as an endpoint resulting in resource exhaustion

Vulnerability type Denial of Service Detail The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesti...

Missing Release of Resource after Effective Lifetime

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...