Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 5:17 p.m.10 views

CVE-2026-47778

A flaw was found in Envoy, an open-source edge and service proxy. A remote attacker could exploit a structural flaw in the DefaultCertValidator::verifySubjectAltName function by presenting a specially crafted certificate. This certificate would contain a NUL byte within its DNS Subject Alternativ...

4.4CVSS5.6AI score0.00212EPSS
Exploits1References4
CVE
CVE
added 2026/06/26 5:27 p.m.32 views

CVE-2026-47778

Envoy CVE-2026-47778 describes a TLS DNS SAN truncation flaw in DefaultCertValidator::verifySubjectAltName. Before 1.35.11, 1.36.7, 1.37.3, and 1.38.1, an embedded NUL in a dNSName SAN can be partially preserved by generalNameAsString but truncated when converted to a C-style string via .c_str(),...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:27 p.m.8 views

CVE-2026-47778

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .cstr before bei...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52887

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description A structural flaw exists in the DefaultCertValidator::verifySubjectAltName function. The issue occurs when...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References20
GithubExploit
GithubExploit
added 2026/04/17 2:46 a.m.117 views

Exploit for CVE-2026-40175

CVE-2026-40175 — Axios CRLF Injection / HTTP Request Smuggling...

10CVSS5.8AI score0.01815EPSS
Exploits5
Rows per page
Query Builder