envoyproxy — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting envoyproxy. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by envoyproxy: envoy, gateway
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-26330 | Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly | envoy | CWE-416 | 5.3 | Medium | 2026-03-10 |
| CVE-2026-26311 | Envoy HTTP: filter chain execution on reset streams causing UAF crash | envoy | CWE-416 | 5.9 | Medium | 2026-03-10 |
| CVE-2026-26310 | Crash for scoped ip address in Envoy during DNS | envoy | CWE-20 | 5.9 | Medium | 2026-03-10 |
| CVE-2026-26309 | Envoy has an off-by-one write in JsonEscaper::escapeString() | envoy | CWE-193 | 5.3 | Medium | 2026-03-10 |
| CVE-2026-26308 | Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation | envoy | CWE-863 | 7.5 | High | 2026-03-10 |
| CVE-2026-22771 | Envoy Extension Policy lua scripts injection causes arbitrary command execution | gateway | CWE-94 | 8.8 | High | 2026-01-12 |
| CVE-2025-66220 | Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte | envoy | CWE-170 | 5.0 | Medium | 2025-12-03 |
| CVE-2025-64763 | Envoy forwards early CONNECT data in TCP proxy mode | envoy | CWE-693 | 3.7 | Low | 2025-12-03 |
| CVE-2025-64527 | Envoy crashes when JWT authentication is configured with the remote JWKS fetching | envoy | CWE-476 | 6.5 | Medium | 2025-12-03 |
| CVE-2025-62504 | Envoy Lua filter use-after-free when oversized rewritten response body causes crash | envoy | CWE-416 | 6.5 | Medium | 2025-10-16 |
| CVE-2025-62409 | Envoy allows large requests and responses to cause TCP connection pool crash | envoy | CWE-476 | 7.5 (AI) | High (AI) | 2025-10-16 |
| CVE-2025-55162 | Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag | envoy | CWE-613 | 6.3 | Medium | 2025-09-03 |
| CVE-2025-54588 | Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults | envoy | CWE-416 | 7.5 | High | 2025-09-02 |
| CVE-2025-46821 | Envoy vulnerable to bypass of RBAC uri_template permission | envoy | CWE-186 | 5.3 | Medium | 2025-05-07 |
| CVE-2025-30157 | Envoy crashes when HTTP ext_proc processes local replies | envoy | CWE-460 | 6.5 | Medium | 2025-03-21 |
| CVE-2025-25294 | Envoy Gateway Log Injection Vulnerability | gateway | CWE-117 | 5.3 | Medium | 2025-03-06 |
| CVE-2025-24030 | Envoy Admin Interface Exposed through prometheus metrics endpoint | gateway | CWE-419 | 7.1 | High | 2025-01-23 |
| CVE-2024-53271 | HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy | envoy | CWE-670 | 7.1 | High | 2024-12-18 |
| CVE-2024-53270 | HTTP/1: sending overload crashes when the request is reset beforehand in envoy | envoy | CWE-670 | 7.5 | High | 2024-12-18 |
| CVE-2024-53269 | Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy | envoy | CWE-670 | 4.5 | Medium | 2024-12-18 |
| CVE-2024-45806 | Potential manipulate `x-envoy` headers from external sources in envoy | envoy | CWE-639 | 6.5 | Medium | 2024-09-19 |
| CVE-2024-45807 | oghttp2 crash on OnBeginHeadersForStream in envoy | envoy | CWE-670 | 7.5 | High | 2024-09-19 |
| CVE-2024-45808 | Malicious log injection via access logs in envoy | envoy | CWE-117 | 6.5 | Medium | 2024-09-19 |
| CVE-2024-45809 | Jwt filter crash in the clear route cache with remote JWKs in envoy | envoy | CWE-119 | 5.3 | Medium | 2024-09-19 |
| CVE-2024-45810 | Envoy crashes for LocalReply in http async client | envoy | CWE-119 | 6.5 | Medium | 2024-09-19 |
| CVE-2024-39305 | Envoy Proxy use after free when route hash policy is configured with cookie attributes | envoy | CWE-416 | 6.5 | Medium | 2024-07-01 |
| CVE-2024-32974 | Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete() | envoy | CWE-416 | 5.9 | Medium | 2024-06-04 |
| CVE-2024-32975 | Envoy crashes in QuicheDataReader::PeekVarInt62Length() | envoy | CWE-191 | 5.9 | Medium | 2024-06-04 |
| CVE-2024-32976 | Envoy can enter an endless loop while decompressing Brotli data with extra input | envoy | CWE-835 | 7.5 | High | 2024-06-04 |
| CVE-2024-34362 | Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream | envoy | CWE-416 | 5.9 | Medium | 2024-06-04 |

This page lists every published CVE security advisory associated with envoyproxy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.