Skip to main content

Envoy

109 CVEs product

Monthly

CVE-2026-48090 MEDIUM PATCH This Month

Use-after-free in Envoy's HTTP OAuth2 filter (envoy.filters.http.oauth2) across versions 1.37.0-1.37.4 and 1.38.0-1.38.2 enables unauthenticated remote attackers to crash Envoy worker threads by racing a connection teardown against an in-flight async token exchange. When a downstream client disconnects while the filter is awaiting an async OAuth2 token response, the late AsyncClient callback invokes StreamDecoderFilterCallbacks on an already-freed object, producing undefined behavior and worker crashes. The reporter explicitly disclaims RCE - confirmed impact is availability loss (DoS); allocator-dependent memory corruption effects beyond crash are theoretically possible but not demonstrated. No public exploit or CISA KEV listing identified at time of analysis.

Memory Corruption Microsoft Use After Free RCE Envoy
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2026-47220 HIGH PATCH This Week

Denial of service in Envoy proxy versions 1.37.0 through 1.37.4 and 1.38.x before 1.38.3 lets remote attackers crash the proxy by sending a request that omits the Host header when access logging is configured with the %REQUESTED_SERVER_NAME(X:Y)% operator using host-related options (e.g. HOST_FIRST, SNI_FIRST). The missing header triggers a null pointer dereference (CWE-476), taking down the data-plane proxy and any traffic flowing through it. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-47205 MEDIUM PATCH This Month

Use-After-Free crash in Envoy's ext_authz HTTP filter allows remote unauthenticated attackers to trigger a segmentation fault and process crash by rapidly establishing and tearing down downstream connections when per-route authorization overrides are configured. Affected are Envoy versions 1.36.0-1.36.8, 1.37.0-1.37.4, and 1.38.0-1.38.2. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, though the race condition exploitability is constrained by requiring specific ext_authz per-route override configuration.

Memory Corruption Denial Of Service Use After Free Envoy
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.4%
CVE-2026-47692 MEDIUM PATCH This Month

PROXY Protocol v2 TLV overflow in Envoy Proxy versions 1.34.0 through the pre-fix series allows an operator-level attacker on an adjacent network to smuggle extraneous bytes into upstream requests. Envoy's header generator writes TLV content exceeding the protocol-mandated 65535-byte maximum without adjusting the length field, creating a header where declared length and actual byte count diverge - a textbook CWE-130 length-parameter inconsistency. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; risk is constrained by the high-privilege and adjacent-network prerequisites reflected in the CVSS 4.8 medium score.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-47207 MEDIUM PATCH This Month

Envoy proxy's External Processing (ext_proc) filter crashes with a use-after-free when an ext_proc gRPC server sends a single batched gRPC message containing multiple specially crafted ProcessingResponse objects. Affected versions span 1.34.0 through pre-fix releases across four maintained branches; fixed releases are 1.35.13, 1.36.9, 1.37.5, and 1.38.3. With CVSS PR:L, exploitation requires control of or compromise of the ext_proc gRPC server endpoint, limiting the realistic attacker population but making this a high-priority patch for any deployment running ext_proc. No public exploit code and no CISA KEV listing exist at time of analysis.

Memory Corruption Denial Of Service Use After Free Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-48706 HIGH PATCH This Week

Heap buffer overflow in Envoy's TcpStatsdSink component (versions 1.34.0 through pre-fix releases) allows unauthenticated remote attackers to crash the Envoy process or potentially achieve remote code execution by submitting HTTP or gRPC requests with request paths exceeding 16KiB, provided a specific non-default dual-filter configuration is present. The root flaw is an incorrect buffer rotation in the thread-local metric flusher that allocates a new 16KiB slice but continues writing beyond its boundary via unchecked memcpy operations. No public exploit has been identified at time of analysis, though vendor-confirmed patches are available across all affected release branches (1.35.13, 1.36.9, 1.37.5, 1.38.3).

Buffer Overflow RCE Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-47204 HIGH PATCH This Week

The envoy.filters.http.grpc_stats HTTP filter in Envoy versions 1.26.0 through the pre-fix releases crashes with a null pointer dereference when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) is routed to a direct_response route, terminating the Envoy process entirely. The vendor description states a single unauthenticated HTTP request is sufficient to trigger the crash, giving any network-reachable attacker a trivial one-packet denial of service against affected deployments. No confirmed active exploitation (absent from CISA KEV) and no public exploit code has been identified at time of analysis, but the trivial trigger condition makes this high practical risk for any deployment with both preconditions present.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-47221 HIGH PATCH This Week

Null pointer dereference in Envoy's router filter crashes the entire proxy process, terminating all active connections, when body-less non-GET/HEAD requests (POST, PUT, DELETE, PATCH) encounter an upstream HTTP 303 response on a route configured with internal redirect policy. Affected versions span 1.18.0 through the fixes released in branches 1.35.13, 1.36.9, 1.37.5, and 1.38.3. An unauthenticated remote attacker who can influence upstream response codes or reach a vulnerable route configuration can cause complete denial of service; no public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-48743 HIGH PATCH This Week

HTTP request smuggling in Envoy proxy (versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1) lets remote attackers desynchronize HTTP/1 upstream connections by sending an HTTP/3 downstream request that is transport-complete (HEADERS with FIN) yet declares a nonzero Content-Length, leaving the translated HTTP/1 request with unresolved body debt. When the HTTP/1 origin replies before reading the body and keeps the connection reusable, the start of Envoy's next upstream request is consumed as the prior request's body, and the remainder is parsed by the origin as a separate, attacker-controlled request. This was demonstrated as a route-bypass: a directly denied /pwn was served to a second downstream stream as a backend-parsed GET /pwn, with no public exploit identified at time of analysis and no CISA KEV listing.

Request Smuggling Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-48497 HIGH PATCH This Week

Remote denial of service in Envoy proxy allows attackers to crash the process by resolving a DNS name exactly 255 octets long through a configured UDP DNS filter. An off-by-one runtime precondition assumes query names are strictly less than 255 octets, contradicting RFC 1035 which permits names of up to 255 octets, so a maximally-long name that resolves successfully triggers abnormal process termination. There is no public exploit identified at time of analysis, EPSS is low (0.37%), and CISA SSVC rates exploitation as none with only partial technical impact.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-48044 HIGH PATCH This Week

Denial of service in Envoy proxy (versions 1.23.0 through 1.35.10, 1.36.6, 1.37.2, and 1.38.0) allows remote unauthenticated attackers to crash the proxy by sending a specially crafted, highly compressed zstd payload that triggers massive memory allocation in the ZstdDecompressorImpl, leading to Out-Of-Memory kills. The flaw is a decompression-bomb (data amplification) issue that only manifests when zstd decompression is enabled. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the high CVSS reflects availability impact only (A:H, no confidentiality or integrity loss).

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-48042 HIGH PATCH This Week

Denial of service in Envoy proxy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 allows remote unauthenticated attackers to crash the proxy by submitting deeply nested JSON (on the order of 100,000 levels). When the resulting JSON Object is torn down, its recursive destructor exhausts the thread stack, causing a stack overflow and process termination. There is no public exploit identified at time of analysis and the issue impacts availability only; the CVSS 3.1 base score is 7.5.

Buffer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-47778 MEDIUM PATCH This Month

Certificate SAN validation in Envoy Proxy is bypassed when an attacker-controlled upstream serves a TLS certificate containing an embedded NUL byte in the dNSName Subject Alternative Name field. Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 are affected, allowing an attacker who controls or can impersonate an upstream TLS endpoint to pass Envoy's configured SAN match check with a fraudulent certificate and intercept proxied traffic. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Envoy
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-47775 MEDIUM PATCH This Month

The OAuth2 HTTP filter in Envoy Proxy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 implements AES-256-CBC encryption for the PKCE CodeVerifier cookie without any authentication tag, creating a classic padding oracle through differential HTTP responses on the /callback endpoint. An attacker who obtains the victim's encrypted CodeVerifier cookie and a stolen authorization code can recover the plaintext PKCE code_verifier in approximately 6,200 crafted requests (~100 seconds), then complete the OAuth token exchange to hijack the victim's access token. No public exploit code or CISA KEV listing has been identified at time of analysis; vendor-confirmed patches are available in all four current release branches.

Oracle Microsoft Information Disclosure Envoy
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-47774 HIGH PATCH This Week

Denial of service in Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 allows unauthenticated remote clients to trigger excessive memory consumption via crafted HTTP/2 requests, potentially causing OOM termination of the Envoy process. The flaw stems from cookie header bytes bypassing request header size validation combined with HPACK limits being enforced only on encoded bytes. No public exploit identified at time of analysis, but the network-reachable, no-auth attack profile makes it a credible availability threat for edge proxies.

Denial Of Service Envoy
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-26330 Go MEDIUM This Month

Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 can be crashed by an authenticated attacker through improper state cleanup in the rate limit filter when both request and response phase limiting are enabled. When a response phase rate limit request fails, the gRPC client reuses stale internal state from the prior request phase, leading to a use-after-free condition that crashes the proxy. An attacker with network access and valid credentials can exploit this to cause a denial of service against Envoy instances.

Denial Of Service Envoy
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26311 Go MEDIUM POC This Month

Envoy proxy versions before 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a use-after-free vulnerability in the HTTP connection manager that allows attackers to trigger denial of service by sending data frames on streams after they have been reset. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables filter callbacks to execute on logically cleaned-up streams, potentially causing service disruption or state corruption.

Use After Free Envoy
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-26310 Go MEDIUM POC This Month

Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 crash when processing scoped IPv6 addresses through the Utility::getAddressWithPort function, which is invoked by the original_src and dns filters in the data plane. This denial of service vulnerability can be triggered remotely without authentication, and public exploit code exists. No patch is currently available for affected deployments.

DNS Denial Of Service Envoy
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-26309 Go MEDIUM POC This Month

Envoy is a high-performance edge/middle/service proxy. [CVSS 5.3 MEDIUM]

Denial Of Service Envoy
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26308 Go HIGH POC PATCH GHSA This Week

Envoy's RBAC filter improperly concatenates duplicate HTTP headers into comma-separated strings instead of validating each value individually, allowing attackers to bypass "Deny" access control policies through header manipulation. This vulnerability affects Envoy versions prior to 1.34.13, 1.35.8, 1.36.5, and 1.37.1, and public exploit code exists. Patches are available for all affected versions.

Authentication Bypass Envoy
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66220 Go MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Information Disclosure Debian Envoy Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-64527 Go MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives.

Null Pointer Dereference Denial Of Service Debian Envoy Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55162 MEDIUM POC PATCH This Month

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy Red Hat Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-54588 Go HIGH PATCH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Envoy Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-46821 MEDIUM This Month

Envoy is a cloud-native edge/middle/service proxy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-30157 Go MEDIUM PATCH This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-53271 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-53270 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-53269 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-45810 HIGH POC This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45809 HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45808 MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45807 HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45806 MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-39305 CRITICAL PATCH Act Now

Envoy is a cloud-native, open source edge and service proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-34364 MEDIUM POC This Month

Envoy is a cloud-native, open source edge and service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34363 HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-34362 MEDIUM POC This Month

Envoy is a cloud-native, open source edge and service proxy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-32976 HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-32975 HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-32974 HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23326 HIGH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-32475 HIGH PATCH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-30255 HIGH PATCH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
87.8%
CVE-2024-27919 HIGH PATCH This Week

Envoy is a cloud-native, open-source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
86.7%
CVE-2024-23327 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23325 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23324 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-23323 MEDIUM PATCH This Month

Envoy is a high-performance edge/middle/service proxy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23322 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35944 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-35943 HIGH POC This Week

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-35942 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35941 CRITICAL Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35945 HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Nghttp2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27496 HIGH POC This Week

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-27493 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-27492 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-27491 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-27488 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27487 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-29228 HIGH PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29227 HIGH PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29226 CRITICAL PATCH Act Now

Envoy is a cloud-native high-performance proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-29225 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-29224 MEDIUM PATCH This Month

Envoy is a cloud-native high-performance proxy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2022-23606 MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-21657 MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-21656 MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass OpenSSL Envoy
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2022-21655 HIGH PATCH This Week

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-21654 CRITICAL PATCH Act Now

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-39206 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2021-39204 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-39162 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2021-32781 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-32780 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-32779 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
0.9%
CVE-2021-32778 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-32777 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
3.3%
CVE-2021-29492 HIGH This Week

Envoy is a cloud-native edge/middle/service proxy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
68.4%
CVE-2021-29258 HIGH This Week

An issue was discovered in Envoy 1.14.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28683 HIGH This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28682 HIGH POC This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-21378 HIGH PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
8.2
EPSS
1.7%
CVE-2020-35471 HIGH POC PATCH This Week

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-35470 HIGH PATCH This Week

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25018 HIGH This Week

Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25017 HIGH POC This Week

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
1.3%
CVE-2020-15104 MEDIUM This Month

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2020-8663 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Use-after-free in Envoy's HTTP OAuth2 filter (envoy.filters.http.oauth2) across versions 1.37.0-1.37.4 and 1.38.0-1.38.2 enables unauthenticated remote attackers to crash Envoy worker threads by racing a connection teardown against an in-flight async token exchange. When a downstream client disconnects while the filter is awaiting an async OAuth2 token response, the late AsyncClient callback invokes StreamDecoderFilterCallbacks on an already-freed object, producing undefined behavior and worker crashes. The reporter explicitly disclaims RCE - confirmed impact is availability loss (DoS); allocator-dependent memory corruption effects beyond crash are theoretically possible but not demonstrated. No public exploit or CISA KEV listing identified at time of analysis.

Memory Corruption Microsoft Use After Free +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Envoy proxy versions 1.37.0 through 1.37.4 and 1.38.x before 1.38.3 lets remote attackers crash the proxy by sending a request that omits the Host header when access logging is configured with the %REQUESTED_SERVER_NAME(X:Y)% operator using host-related options (e.g. HOST_FIRST, SNI_FIRST). The missing header triggers a null pointer dereference (CWE-476), taking down the data-plane proxy and any traffic flowing through it. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Use-After-Free crash in Envoy's ext_authz HTTP filter allows remote unauthenticated attackers to trigger a segmentation fault and process crash by rapidly establishing and tearing down downstream connections when per-route authorization overrides are configured. Affected are Envoy versions 1.36.0-1.36.8, 1.37.0-1.37.4, and 1.38.0-1.38.2. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, though the race condition exploitability is constrained by requiring specific ext_authz per-route override configuration.

Memory Corruption Denial Of Service Use After Free +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

PROXY Protocol v2 TLV overflow in Envoy Proxy versions 1.34.0 through the pre-fix series allows an operator-level attacker on an adjacent network to smuggle extraneous bytes into upstream requests. Envoy's header generator writes TLV content exceeding the protocol-mandated 65535-byte maximum without adjusting the length field, creating a header where declared length and actual byte count diverge - a textbook CWE-130 length-parameter inconsistency. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; risk is constrained by the high-privilege and adjacent-network prerequisites reflected in the CVSS 4.8 medium score.

Information Disclosure Envoy
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Envoy proxy's External Processing (ext_proc) filter crashes with a use-after-free when an ext_proc gRPC server sends a single batched gRPC message containing multiple specially crafted ProcessingResponse objects. Affected versions span 1.34.0 through pre-fix releases across four maintained branches; fixed releases are 1.35.13, 1.36.9, 1.37.5, and 1.38.3. With CVSS PR:L, exploitation requires control of or compromise of the ext_proc gRPC server endpoint, limiting the realistic attacker population but making this a high-priority patch for any deployment running ext_proc. No public exploit code and no CISA KEV listing exist at time of analysis.

Memory Corruption Denial Of Service Use After Free +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Heap buffer overflow in Envoy's TcpStatsdSink component (versions 1.34.0 through pre-fix releases) allows unauthenticated remote attackers to crash the Envoy process or potentially achieve remote code execution by submitting HTTP or gRPC requests with request paths exceeding 16KiB, provided a specific non-default dual-filter configuration is present. The root flaw is an incorrect buffer rotation in the thread-local metric flusher that allocates a new 16KiB slice but continues writing beyond its boundary via unchecked memcpy operations. No public exploit has been identified at time of analysis, though vendor-confirmed patches are available across all affected release branches (1.35.13, 1.36.9, 1.37.5, 1.38.3).

Buffer Overflow RCE Envoy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The envoy.filters.http.grpc_stats HTTP filter in Envoy versions 1.26.0 through the pre-fix releases crashes with a null pointer dereference when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) is routed to a direct_response route, terminating the Envoy process entirely. The vendor description states a single unauthenticated HTTP request is sufficient to trigger the crash, giving any network-reachable attacker a trivial one-packet denial of service against affected deployments. No confirmed active exploitation (absent from CISA KEV) and no public exploit code has been identified at time of analysis, but the trivial trigger condition makes this high practical risk for any deployment with both preconditions present.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Null pointer dereference in Envoy's router filter crashes the entire proxy process, terminating all active connections, when body-less non-GET/HEAD requests (POST, PUT, DELETE, PATCH) encounter an upstream HTTP 303 response on a route configured with internal redirect policy. Affected versions span 1.18.0 through the fixes released in branches 1.35.13, 1.36.9, 1.37.5, and 1.38.3. An unauthenticated remote attacker who can influence upstream response codes or reach a vulnerable route configuration can cause complete denial of service; no public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

HTTP request smuggling in Envoy proxy (versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1) lets remote attackers desynchronize HTTP/1 upstream connections by sending an HTTP/3 downstream request that is transport-complete (HEADERS with FIN) yet declares a nonzero Content-Length, leaving the translated HTTP/1 request with unresolved body debt. When the HTTP/1 origin replies before reading the body and keeps the connection reusable, the start of Envoy's next upstream request is consumed as the prior request's body, and the remainder is parsed by the origin as a separate, attacker-controlled request. This was demonstrated as a route-bypass: a directly denied /pwn was served to a second downstream stream as a backend-parsed GET /pwn, with no public exploit identified at time of analysis and no CISA KEV listing.

Request Smuggling Authentication Bypass Envoy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Envoy proxy allows attackers to crash the process by resolving a DNS name exactly 255 octets long through a configured UDP DNS filter. An off-by-one runtime precondition assumes query names are strictly less than 255 octets, contradicting RFC 1035 which permits names of up to 255 octets, so a maximally-long name that resolves successfully triggers abnormal process termination. There is no public exploit identified at time of analysis, EPSS is low (0.37%), and CISA SSVC rates exploitation as none with only partial technical impact.

Information Disclosure Envoy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Envoy proxy (versions 1.23.0 through 1.35.10, 1.36.6, 1.37.2, and 1.38.0) allows remote unauthenticated attackers to crash the proxy by sending a specially crafted, highly compressed zstd payload that triggers massive memory allocation in the ZstdDecompressorImpl, leading to Out-Of-Memory kills. The flaw is a decompression-bomb (data amplification) issue that only manifests when zstd decompression is enabled. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the high CVSS reflects availability impact only (A:H, no confidentiality or integrity loss).

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Envoy proxy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 allows remote unauthenticated attackers to crash the proxy by submitting deeply nested JSON (on the order of 100,000 levels). When the resulting JSON Object is torn down, its recursive destructor exhausts the thread stack, causing a stack overflow and process termination. There is no public exploit identified at time of analysis and the issue impacts availability only; the CVSS 3.1 base score is 7.5.

Buffer Overflow Envoy
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Certificate SAN validation in Envoy Proxy is bypassed when an attacker-controlled upstream serves a TLS certificate containing an embedded NUL byte in the dNSName Subject Alternative Name field. Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 are affected, allowing an attacker who controls or can impersonate an upstream TLS endpoint to pass Envoy's configured SAN match check with a fraudulent certificate and intercept proxied traffic. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Envoy
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

The OAuth2 HTTP filter in Envoy Proxy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 implements AES-256-CBC encryption for the PKCE CodeVerifier cookie without any authentication tag, creating a classic padding oracle through differential HTTP responses on the /callback endpoint. An attacker who obtains the victim's encrypted CodeVerifier cookie and a stolen authorization code can recover the plaintext PKCE code_verifier in approximately 6,200 crafted requests (~100 seconds), then complete the OAuth token exchange to hijack the victim's access token. No public exploit code or CISA KEV listing has been identified at time of analysis; vendor-confirmed patches are available in all four current release branches.

Oracle Microsoft Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 allows unauthenticated remote clients to trigger excessive memory consumption via crafted HTTP/2 requests, potentially causing OOM termination of the Envoy process. The flaw stems from cookie header bytes bypassing request header size validation combined with HPACK limits being enforced only on encoded bytes. No public exploit identified at time of analysis, but the network-reachable, no-auth attack profile makes it a credible availability threat for edge proxies.

Denial Of Service Envoy
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 can be crashed by an authenticated attacker through improper state cleanup in the rate limit filter when both request and response phase limiting are enabled. When a response phase rate limit request fails, the gRPC client reuses stale internal state from the prior request phase, leading to a use-after-free condition that crashes the proxy. An attacker with network access and valid credentials can exploit this to cause a denial of service against Envoy instances.

Denial Of Service Envoy
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC This Month

Envoy proxy versions before 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a use-after-free vulnerability in the HTTP connection manager that allows attackers to trigger denial of service by sending data frames on streams after they have been reset. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables filter callbacks to execute on logically cleaned-up streams, potentially causing service disruption or state corruption.

Use After Free Envoy
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC This Month

Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 crash when processing scoped IPv6 addresses through the Utility::getAddressWithPort function, which is invoked by the original_src and dns filters in the data plane. This denial of service vulnerability can be triggered remotely without authentication, and public exploit code exists. No patch is currently available for affected deployments.

DNS Denial Of Service Envoy
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Envoy is a high-performance edge/middle/service proxy. [CVSS 5.3 MEDIUM]

Denial Of Service Envoy
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Envoy's RBAC filter improperly concatenates duplicate HTTP headers into comma-separated strings instead of validating each value individually, allowing attackers to bypass "Deny" access control policies through header manipulation. This vulnerability affects Envoy versions prior to 1.34.13, 1.35.8, 1.36.5, and 1.37.1, and public exploit code exists. Patches are available for all affected versions.

Authentication Bypass Envoy
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Information Disclosure Debian Envoy +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives.

Null Pointer Dereference Denial Of Service Debian +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Envoy is a cloud-native edge/middle/service proxy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy Suse
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Envoy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Envoy
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Envoy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Envoy is a cloud-native, open source edge and service proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Envoy is a cloud-native, open source edge and service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Envoy is a cloud-native, open source edge and service proxy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
EPSS 88% CVSS 7.5
HIGH PATCH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
EPSS 87% CVSS 7.5
HIGH PATCH This Week

Envoy is a cloud-native, open-source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Envoy
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Envoy is a high-performance edge/middle/service proxy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Nghttp2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Envoy
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Envoy is a cloud-native high-performance proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Envoy is a cloud-native high-performance proxy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass OpenSSL Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy Pomerium
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
EPSS 2% CVSS 8.6
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 8.3
HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 3% CVSS 8.3
HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 68% CVSS 8.3
HIGH This Week

Envoy is a cloud-native edge/middle/service proxy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Envoy 1.14.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Envoy
NVD GitHub
EPSS 2% CVSS 8.2
HIGH PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Envoy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 8.3
HIGH POC This Week

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy