CVE-2026-48090
- EPSS 0.58%
- Veröffentlicht 26.06.2026 18:03:05
- Zuletzt bearbeitet 08.07.2026 20:16:50
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream...
CVE-2026-47220
- EPSS 0.67%
- Veröffentlicht 26.06.2026 18:02:17
- Zuletzt bearbeitet 30.06.2026 03:20:24
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host related options is specified, like HOST_FIRST, SNI_FIRST,...
CVE-2026-47205
- EPSS 0.39%
- Veröffentlicht 26.06.2026 18:01:07
- Zuletzt bearbeitet 29.06.2026 18:21:30
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter w...
CVE-2026-47692
- EPSS 0.22%
- Veröffentlicht 26.06.2026 17:59:38
- Zuletzt bearbeitet 27.06.2026 20:09:48
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch b...
CVE-2026-47207
- EPSS 0.44%
- Veröffentlicht 26.06.2026 17:52:27
- Zuletzt bearbeitet 27.06.2026 20:20:41
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted Proce...
CVE-2026-48706
- EPSS 0.61%
- Veröffentlicht 26.06.2026 17:38:23
- Zuletzt bearbeitet 29.06.2026 18:34:15
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can...
CVE-2026-47204
- EPSS 0.45%
- Veröffentlicht 26.06.2026 17:37:17
- Zuletzt bearbeitet 29.06.2026 14:16:53
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null pointer dereference / segfault) when a Connect protoc...
CVE-2026-47221
- EPSS 0.45%
- Veröffentlicht 26.06.2026 17:35:29
- Zuletzt bearbeitet 27.06.2026 20:17:07
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 (See Other) inter...
CVE-2026-48743
- EPSS 0.3%
- Veröffentlicht 26.06.2026 17:34:22
- Zuletzt bearbeitet 29.06.2026 18:27:36
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer (HEADERS with FIN / headers-o...
CVE-2026-48497
- EPSS 0.41%
- Veröffentlicht 26.06.2026 17:32:58
- Zuletzt bearbeitet 29.06.2026 18:36:40
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or ...