| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-6994 | Envoy Query Parameter header_mutation.cc params.add injection | - | Envoy | Medium | 6.3 | 2026-04-25 19:00:19 |
| CVE-2026-26330 | Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly | envoyproxy | envoy | Medium | 5.3 | 2026-03-10 19:19:53 |
| CVE-2026-26311 | Envoy HTTP: filter chain execution on reset streams causing UAF crash | envoyproxy | envoy | Medium | 5.9 | 2026-03-10 19:14:42 |
| CVE-2026-26310 | Crash for scoped ip address in Envoy during DNS | envoyproxy | envoy | Medium | 5.9 | 2026-03-10 19:08:22 |
| CVE-2026-26309 | Envoy has an off-by-one write in JsonEscaper::escapeString() | envoyproxy | envoy | Medium | 5.3 | 2026-03-10 19:04:21 |
| CVE-2026-26308 | Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation | envoyproxy | envoy | High | 7.5 | 2026-03-10 19:01:28 |
| CVE-2026-26205 | opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path` | open-policy-agent | opa-envoy-plugin | - | - | 2026-02-19 19:31:27 |
| CVE-2025-66220 | Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte | envoyproxy | envoy | Medium | 5.0 | 2025-12-03 18:31:50 |
| CVE-2025-64763 | Envoy forwards early CONNECT data in TCP proxy mode | envoyproxy | envoy | Low | 3.7 | 2025-12-03 18:13:58 |
| CVE-2025-64527 | Envoy crashes when JWT authentication is configured with the remote JWKS fetching | envoyproxy | envoy | Medium | 6.5 | 2025-12-03 18:04:35 |
| CVE-2025-62504 | Envoy Lua filter use-after-free when oversized rewritten response body causes crash | envoyproxy | envoy | Medium | 6.5 | 2025-10-16 21:23:42 |
| CVE-2025-62409 | Envoy allows large requests and responses to cause TCP connection pool crash | envoyproxy | envoy | - | - | 2025-10-16 17:47:26 |
| CVE-2025-55162 | Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag | envoyproxy | envoy | Medium | 6.3 | 2025-09-03 19:51:51 |
| CVE-2025-54588 | Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults | envoyproxy | envoy | High | 7.5 | 2025-09-02 23:39:07 |
| CVE-2025-46821 | Envoy vulnerable to bypass of RBAC uri_template permission | envoyproxy | envoy | Medium | 5.3 | 2025-05-07 21:24:08 |
| CVE-2025-30157 | Envoy crashes when HTTP ext_proc processes local replies | envoyproxy | envoy | Medium | 6.5 | 2025-03-21 14:49:18 |
| CVE-2025-23556 | WordPress Push Envoy Notifications plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | netbitsolutions | Push Envoy Notifications | High | 7.1 | 2025-03-03 13:30:12 |
| CVE-2024-53271 | HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy | envoyproxy | envoy | High | 7.1 | 2024-12-18 19:12:21 |
| CVE-2024-53270 | HTTP/1: sending overload crashes when the request is reset beforehand in envoy | envoyproxy | envoy | High | 7.5 | 2024-12-18 19:12:19 |
| CVE-2024-53269 | Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy | envoyproxy | envoy | Medium | 4.5 | 2024-12-18 19:12:17 |