CVE-2026-48044
- EPSS 0.49%
- Veröffentlicht 26.06.2026 17:31:37
- Zuletzt bearbeitet 29.06.2026 18:40:43
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation (ZstdDecompressorImpl). Whe...
CVE-2026-48042
- EPSS 0.56%
- Veröffentlicht 26.06.2026 17:29:14
- Zuletzt bearbeitet 29.06.2026 18:42:17
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present. This vulnerabilit...
CVE-2026-47778
- EPSS 0.21%
- Veröffentlicht 26.06.2026 17:27:57
- Zuletzt bearbeitet 29.06.2026 18:49:25
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is ...
CVE-2026-47775
- EPSS 0.22%
- Veröffentlicht 26.06.2026 17:23:51
- Zuletzt bearbeitet 29.06.2026 18:10:33
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEA...
CVE-2026-47774
- EPSS 0.82%
- Veröffentlicht 17.06.2026 16:58:36
- Zuletzt bearbeitet 06.07.2026 13:40:12
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to t...
CVE-2026-26330
- EPSS 0.32%
- Veröffentlicht 10.03.2026 19:19:52
- Zuletzt bearbeitet 11.03.2026 15:57:32
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with apply_on_stream_done in the rate limit configuration is enabled and the response phase lim...
CVE-2026-26311
- EPSS 0.34%
- Veröffentlicht 10.03.2026 19:14:41
- Zuletzt bearbeitet 11.03.2026 16:03:58
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager (FilterManager) that allows for Zombie Stream Filter Execution. This issue creates a "Use-Af...
CVE-2026-26310
- EPSS 0.39%
- Veröffentlicht 10.03.2026 19:08:22
- Zuletzt bearbeitet 11.03.2026 16:09:31
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filte...
CVE-2026-26309
- EPSS 0.37%
- Veröffentlicht 10.03.2026 19:04:21
- Zuletzt bearbeitet 11.03.2026 16:14:20
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leadin...
CVE-2026-26308
- EPSS 0.29%
- Veröffentlicht 10.03.2026 19:01:28
- Zuletzt bearbeitet 11.03.2026 16:23:23
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present fo...