All 6 CVE vulnerabilities found in Gateway, with AI-generated Chinese analysis, references, and POCs.
Vendor: Devolutions

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22771 | Envoy Extension Policy lua scripts injection causes arbitrary command execution CWE-94 | 8.8 | High | 2026-01-12 |
| CVE-2025-66405 | Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host CWE-918 | 6.5 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-25294 | Envoy Gateway Log Injection Vulnerability CWE-117 | 5.3 | Medium | 2025-03-06 |
| CVE-2025-24030 | Envoy Admin Interface Exposed through prometheus metrics endpoint CWE-419 | 7.1 | High | 2025-01-23 |
| CVE-2024-52528 | Auth Token can be passed dummy or wrong the middleware response is 200 OK CWE-285 | 9.8 (AI) | Critical (AI) | 2024-11-15 |
| CVE-2023-1580 | Devolutions Gateway Resource Management Error Vulnerability | 7.5 | - | 2023-03-22 |