VYPR
Vendor: Envoyproxy
Products: 2
CVEs: 98 (98 across products)
Status: Private

Recent CVEs (98 total)
  • CVE-2023-44487 (High, KEV), Oct 10, 2023
    risk 0.65 | cvss 7.5 | epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2024-21881 (High), Aug 12, 2024
    risk 0.56 | cvss n/a | epss 0.00

    Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS Commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x

  • CVE-2026-47220 (Important), Jun 26, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    envoy: Envoy: Denial of Service via missing host header in specific logging configurations

  • CVE-2026-47774 (Important), Jun 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack

  • CVE-2026-6994 (Medium), Apr 25, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack…

  • CVE-2026-47205 (Moderate), Jun 26, 2026
    risk 0.26 | cvss n/a | epss 0.00

    Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides

  • CVE-2024-30255, Apr 4, 2024
    risk 0.07 | cvss n/a | epss 0.88

    Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited…

  • CVE-2024-27919, Apr 4, 2024
    risk 0.07 | cvss n/a | epss 0.87

    Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an…

  • CVE-2019-15226, Oct 9, 2019
    risk 0.05 | cvss n/a | epss 0.65

    Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for…

  • CVE-2021-29492, May 28, 2021
    risk 0.01 | cvss n/a | epss 0.68

    Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control,…

  • CVE-2026-26330, Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, at the rate limit filter, if the response phase limit with apply_on_stream_done in the rate limit configuration is enabled and the response phase limit request fails directly, it…

  • CVE-2026-26311, Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager (FilterManager) that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" (UAF) or…

  • CVE-2026-26310, Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 address causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This…

  • CVE-2026-26309, Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds…

  • CVE-2026-26308, Mar 10, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name.…

  • CVE-2026-22771, Jan 12, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be…

  • CVE-2025-66220, Dec 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as…

  • CVE-2025-64763, Dec 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP…

  • CVE-2025-64527, Dec 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers…

  • CVE-2025-62504, Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the…