8.2
CVE-2026-26308
- EPSS 0%
- Veröffentlicht 10.03.2026 19:01:28
- Zuletzt bearbeitet 11.03.2026 16:23:23
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating each header value individually, Envoy concatenates all values into a single comma-separated string. This behavior allows attackers to bypass RBAC policies—specifically "Deny" rules—by sending duplicate headers, effectively obscuring the malicious value from exact-match mechanisms. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Envoyproxy ≫ Envoy Version < 1.34.13
Envoyproxy ≫ Envoy Version >= 1.35.0 < 1.35.8
Envoyproxy ≫ Envoy Version >= 1.36.0 < 1.36.5
Envoyproxy ≫ Envoy Version1.37.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0.001 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
| security-advisories@github.com | 7.5 | 2.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.