CVE-2026-42274
- EPSS 0.37%
- Veröffentlicht 08.05.2026 03:43:41
- Zuletzt bearbeitet 08.05.2026 16:03:26
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according ...
CVE-2026-42273
- EPSS 0.3%
- Veröffentlicht 08.05.2026 03:42:50
- Zuletzt bearbeitet 08.05.2026 16:03:26
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimd...
CVE-2026-42272
- EPSS 0.4%
- Veröffentlicht 08.05.2026 03:40:17
- Zuletzt bearbeitet 08.05.2026 16:03:26
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a resul...
CVE-2026-32811
- EPSS 0.3%
- Veröffentlicht 20.03.2026 02:16:34
- Zuletzt bearbeitet 30.03.2026 15:01:22
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard ...