VYPR

Go modules package

github.com/open-policy-agent/opa-envoy-plugin

pkg:golang/github.com/open-policy-agent/opa-envoy-plugin

Vulnerabilities (1)

  • CVE-2026-26205HigFeb 19, 2026
    affected < 1.13.2-envoy-2fixed 1.13.2-envoy-2

    opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the `input.parsed_path` field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with do