| CVE-2026-26330 |
unknown |
— |
— |
|
|
|
3mo ago |
Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly |
| CVE-2026-26311 |
unknown |
— |
— |
|
|
|
3mo ago |
Envoy: HTTP - filter chain execution on reset streams causing UAF crash |
| CVE-2026-26309 |
unknown |
— |
— |
|
|
|
3mo ago |
Envoy affected by off-by-one write in JsonEscaper::escapeString() |
| CVE-2026-26308 |
unknown |
— |
— |
|
|
|
3mo ago |
Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation |
| CVE-2026-26310 |
unknown |
— |
— |
|
|
|
3mo ago |
Envoy vulnerable to crash for scoped ip address during DNS |
| CVE-2025-66220 |
unknown |
— |
— |
|
|
|
6mo ago |
Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte |
| CVE-2025-64763 |
unknown |
— |
— |
|
|
|
6mo ago |
Envoy forwards early CONNECT data in TCP proxy mode |
| CVE-2025-64527 |
unknown |
— |
— |
|
|
|
6mo ago |
Envoy crashes when JWT authentication is configured with the remote JWKS fetching |
| CVE-2025-54588 |
unknown |
— |
— |
|
|
|
9mo ago |
Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults |
| CVE-2025-30157 |
unknown |
— |
— |
|
|
|
1y ago |
Envoy crashes when HTTP ext_proc processes local replies |
| CVE-2019-9901 |
unknown |
— |
— |
|
|
|
4y ago |
EnvoyProxy Envoy Missing HTTP URL path normalization |
