VYPR

Envoy

by Envoyproxy

Source repositories

CVEs (95)

  • CVE-2023-44487 | High | KEV | Oct 10, 2023
    risk 0.65 | cvss 7.5 | epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2024-21881 | High | Aug 12, 2024
    risk 0.56 | cvss n/a | epss 0.00

    An Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS commands via an encrypted package upload. This issue affects Envoy: 4.x and 5.x. (The 4.x and 5.x version numbers do not match the 1.x release numbering cited by every other entry on this page; confirm which product this advisory actually describes before acting on it.)

  • CVE-2026-47220 | Important | Jun 26, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Envoy: denial of service via missing Host header in specific logging configurations

  • CVE-2026-47774 | Important | Jun 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Envoy: HTTP/2 remote denial of service via HPACK compression bomb and Slowloris-style attack

  • CVE-2026-6994 | Medium | Apr 25, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    A weakness has been identified in Envoy up to 1.33.0. The affected code is the function params.add in the file source/extensions/filters/http/header_mutation/header_mutation.cc of the Query Parameter Handler component. The manipulation leads to injection. Remote exploitation of the attack…

  • CVE-2026-47205 | Moderate | Jun 26, 2026
    risk 0.26 | cvss n/a | epss 0.00

    Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides

  • CVE-2024-30255 | Apr 4, 2024
    risk 0.07 | cvss n/a | epss 0.88

    Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited…

  • CVE-2024-27919 | Apr 4, 2024
    risk 0.07 | cvss n/a | epss 0.87

    Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to a flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an…

  • CVE-2019-15226 | Oct 9, 2019
    risk 0.05 | cvss n/a | epss 0.65

    Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for…

  • CVE-2021-29492 | May 28, 2021
    risk 0.01 | cvss n/a | epss 0.68

    Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control,…

  • CVE-2026-26330 | Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, in the rate limit filter, if the response-phase limit with apply_on_stream_done is enabled in the rate limit configuration and the response-phase limit request fails directly, it…

  • CVE-2026-26311 | Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, Envoy's HTTP connection manager (FilterManager) contains a logic vulnerability that allows zombie stream filter execution. This issue creates a "Use-After-Free" (UAF) or…

  • CVE-2026-26310 | Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 address causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This…

  • CVE-2026-26309 | Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds…

  • CVE-2026-26308 | Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name.…

  • CVE-2025-66220 | Dec 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as…

  • CVE-2025-64763 | Dec 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP…

  • CVE-2025-64527 | Dec 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers…

  • CVE-2025-62504 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the…

  • CVE-2025-62409 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but…
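The HTTP/2 Rapid Reset entry (CVE-2023-44487) at the top of this list describes the attack only as "request cancellation can reset many streams quickly". The block below is an added example, not Envoy's HTTP/2 codec: a per-connection guard that counts streams the client resets shortly after opening them and asks for a GOAWAY once too many accumulate inside a sliding window. The thresholds, the stream timeline and the simulated traffic are constructed for the example.

```python
"""Added example, not Envoy's HTTP/2 codec: a per-connection guard against
HTTP/2 Rapid Reset (CVE-2023-44487). A stream the client resets soon after
opening it counts as a premature reset; when too many accumulate inside a
sliding window, the server answers with GOAWAY rather than continuing to
spend CPU on streams that will never complete. Thresholds are constructed."""
from collections import deque
from typing import Deque, Dict, Optional


class PrematureResetGuard:
    def __init__(self, max_premature: int = 100, window_s: float = 1.0,
                 min_lifetime_s: float = 0.5) -> None:
        self.max_premature = max_premature      # resets tolerated per window
        self.window_s = window_s                # sliding window length
        self.min_lifetime_s = min_lifetime_s    # shorter-lived resets are suspect
        self.open_streams: Dict[int, float] = {}   # stream id -> open time
        self.premature: Deque[float] = deque()     # times of premature resets
        self.goaway_sent = False

    def on_headers(self, stream_id: int, now: float) -> None:
        """Client opened a stream (HEADERS frame)."""
        self.open_streams[stream_id] = now

    def on_end_stream(self, stream_id: int) -> None:
        """Stream finished normally; it can no longer be reset prematurely."""
        self.open_streams.pop(stream_id, None)

    def on_rst_stream(self, stream_id: int, now: float) -> bool:
        """Client sent RST_STREAM. Returns True when GOAWAY should be sent."""
        opened = self.open_streams.pop(stream_id, None)
        if opened is None or now - opened >= self.min_lifetime_s:
            return self.goaway_sent     # resetting an old stream is ordinary
        self.premature.append(now)
        while self.premature and now - self.premature[0] > self.window_s:
            self.premature.popleft()    # forget resets outside the window
        if len(self.premature) > self.max_premature:
            self.goaway_sent = True
        return self.goaway_sent


def simulate(n_streams: int, reset_after_s: float,
             max_premature: int = 100) -> Optional[int]:
    """Constructed traffic: n client streams (odd ids), each reset
    reset_after_s seconds after it was opened. Returns the stream id on which
    the guard asked for GOAWAY, or None if the connection survived."""
    guard = PrematureResetGuard(max_premature=max_premature)
    now = 0.0
    for stream_id in range(1, 2 * n_streams, 2):
        guard.on_headers(stream_id, now)
        now += reset_after_s
        if guard.on_rst_stream(stream_id, now):
            return stream_id
    return None


if __name__ == "__main__":
    print("attack:", simulate(1000, 0.0001))   # GOAWAY on stream 201
    print("benign:", simulate(1000, 1.0))      # None: long-lived streams
    print("slow:", simulate(1000, 0.02))       # None: never 100 in one window
```

Two knobs matter: a stream must live at least `min_lifetime_s` before its reset is treated as benign, and only resets inside the window count, so a client that cancels at a modest rate is never cut off. Envoy's own fix for this CVE follows the same shape (count premature resets per connection, send GOAWAY past a threshold); the release notes for the patched versions list the runtime keys that tune it.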
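The CVE-2021-29492 entry above shows the bypass path `/something%2F..%2Fadmin` but not why a prefix rule misses it. The block below is an added example, not Envoy code: the same deny-by-prefix rule evaluated first on the raw path (the bug) and then on a normalized path that decodes escaped slashes, treats backslashes as separators and resolves `..` segments. The denied prefix is constructed for the example.

```python
"""Added example, not Envoy code: the escaped-slash bypass from
CVE-2021-29492. A prefix-based access rule evaluated on the raw request path
misses '/something%2F..%2Fadmin'; the same rule evaluated on a normalized
path does not. The denied prefix is constructed for the example."""
import posixpath

DENIED_PREFIXES = ("/admin",)    # constructed policy: nothing under /admin


def naive_is_allowed(raw_path: str) -> bool:
    """The bug: matches prefixes against the path exactly as received."""
    return not raw_path.startswith(DENIED_PREFIXES)


def normalize_path(raw_path: str) -> str:
    """Bring a request path to one canonical form before any matching:
    decode escaped slashes (%2F, %5C), treat backslash as a separator, merge
    repeated slashes and resolve '.' and '..' segments. Other percent
    escapes are left alone so a literal '%41' stays distinct from 'A'."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    for escaped in ("%2F", "%2f", "%5C", "%5c", "\\"):
        path = path.replace(escaped, "/")
    if not path.startswith("/"):
        path = "/" + path
    norm = posixpath.normpath(path)      # collapses //, /./ and /../
    while norm.startswith("//"):         # normpath keeps a leading '//'
        norm = norm[1:]
    return norm


def hardened_is_allowed(raw_path: str) -> bool:
    """Same rule, applied to the normalized path."""
    return not normalize_path(raw_path).startswith(DENIED_PREFIXES)


if __name__ == "__main__":
    for p in ("/admin", "/something%2F..%2Fadmin", "/x%5C..%5Cadmin",
              "/static//logo.png", "/static%2Flogo.png"):
        print(f"{p:28} naive={naive_is_allowed(p)!s:5} "
              f"hardened={hardened_is_allowed(p)!s:5} -> {normalize_path(p)}")
```

The check only holds if the proxy and the upstream agree on what the path means, so the normalization must mirror what the application will do with the same bytes. In Envoy the corresponding HTTP connection manager settings are `normalize_path`, `merge_slashes` and `path_with_escaped_slashes_action` (the option introduced alongside the fix for this CVE); a deployment that leaves escaped slashes untouched is relying on every route and RBAC rule to see the raw path the way the upstream does.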
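The CVE-2026-26308 entry above says only that the RBAC filter mishandles "multiple values for the same header name". The block below is an added example of the general hazard, not Envoy's RBAC implementation: a header-based decision that collapses headers into a dict sees one value per name and never examines the rest, while a decision evaluated against every value cannot be slipped past by repeating the header. The rules and header names are constructed for the example.

```python
"""Added example, not Envoy's RBAC filter: the general hazard behind
CVE-2026-26308. HTTP lets a header name repeat; a header-based rule that
examines only one of the values can be bypassed by adding another. Rules and
header names here are constructed for the example."""
from typing import Dict, List, Tuple

Headers = List[Tuple[str, str]]   # ordered (name, value) pairs, as on the wire

# Constructed policy (hypothetical header names):
#   deny any request that carries x-debug: on
#   otherwise allow only requests whose x-tenant is exactly "acme"
DENY_NAME, DENY_VALUE = "x-debug", "on"
ALLOW_NAME, ALLOW_VALUE = "x-tenant", "acme"


def header_values(headers: Headers, name: str) -> List[str]:
    """Every value sent for `name`, in wire order (names are case-insensitive)."""
    return [v for n, v in headers if n.lower() == name]


def naive_decide(headers: Headers) -> str:
    """The bug pattern: collapse the header list into a dict, so a repeated
    name keeps only its first value and the others are never examined."""
    first: Dict[str, str] = {}
    for n, v in headers:
        first.setdefault(n.lower(), v)
    if first.get(DENY_NAME) == DENY_VALUE:
        return "deny"
    return "allow" if first.get(ALLOW_NAME) == ALLOW_VALUE else "deny"


def hardened_decide(headers: Headers) -> str:
    """Evaluate against every value: a deny rule fires if ANY value matches;
    an allow rule needs the header present and EVERY value matching, so a
    second value cannot ride along behind the one the policy expected. The
    upstream may read the last value or a comma-join, so the proxy must not
    assume it sees the same value the application will act on."""
    if any(v == DENY_VALUE for v in header_values(headers, DENY_NAME)):
        return "deny"
    tenants = header_values(headers, ALLOW_NAME)
    if tenants and all(v == ALLOW_VALUE for v in tenants):
        return "allow"
    return "deny"


if __name__ == "__main__":
    cases = {
        "clean": [("x-tenant", "acme")],
        "debug smuggled": [("x-tenant", "acme"), ("x-debug", "off"), ("x-debug", "on")],
        "tenant ride-along": [("x-tenant", "acme"), ("x-tenant", "evil")],
    }
    for label, hdrs in cases.items():
        print(f"{label:18} naive={naive_decide(hdrs):5} hardened={hardened_decide(hdrs)}")
```

The asymmetry is deliberate: deny conditions use "any value matches" and allow conditions use "all values match", which is the fail-closed choice whichever value the upstream ends up reading. The safer policy for a header the proxy is expected to vet is often to reject or strip a repeated instance outright rather than reason about it.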

Page 1 of 5