
envoyproxy envoy

103 known vulnerabilities across versions
Vulnerabilities are listed by affected version range, with the CVSS base score and severity for each entry; descriptions are the opening lines of the published advisory text.
CVE-2026-26330 | affected: < 1.34.13 | CVSS 5.3 MEDIUM
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if

CVE-2026-26311 | affected: < 1.34.13 | CVSS 5.9 MEDIUM
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envo

CVE-2026-26310 | affected: < 1.34.13 | CVSS 5.9 MEDIUM
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWi

CVE-2026-26309 | affected: < 1.34.13 | CVSS 5.3 MEDIUM
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy:

CVE-2026-26308 | affected: < 1.34.13 | CVSS 7.5 HIGH
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Ac

CVE-2025-66220 | affected: < 1.33.13 | CVSS 5.0 MEDIUM
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificat

CVE-2025-64763 | affected: < 1.33.13 | CVSS 3.7 LOW
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured

CVE-2025-64527 | affected: < 1.33.13 | CVSS 6.5 MEDIUM
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT au

CVE-2025-62504 | affected: < 1.33.12 | CVSS 6.5 MEDIUM
Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-aft

CVE-2025-62409 | affected: < 1.33.11 | CVSS 7.5 HIGH
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and resp

CVE-2025-55162 | affected: < 1.32.10 | CVSS 6.3 MEDIUM
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below

CVE-2025-54588 | affected: >= 1.34.0 and < 1.34.5 | CVSS 7.5 HIGH
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 t

CVE-2025-46821 | affected: < 1.31.8 | CVSS 5.3 MEDIUM
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matc

CVE-2025-30157 | affected: < 1.30.10 | CVSS 6.5 MEDIUM
Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc

CVE-2024-53271 | affected: >= 1.31.0 and < 1.31.5 | CVSS 7.1 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions Envoy does not properly handle HTTP/1.1

CVE-2024-53270 | affected: < 1.29.12 | CVSS 7.5 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume th

CVE-2024-53269 | affected: >= 1.30.0 and < 1.30.8 | CVSS 4.5 MEDIUM
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional addresses are not IP addresses, then the Happy E

CVE-2024-45810 | affected: < 1.28.7 | CVSS 6.5 MEDIUM
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendL

CVE-2024-45809 | affected: >= 1.29.0 and < 1.29.9 | CVSS 5.3 MEDIUM
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache

CVE-2024-45808 | affected: < 1.28.7 | CVSS 6.5 MEDIUM
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malic

CVE-2024-45807 | affected: >= 1.31.0 and < 1.31.2 | CVSS 7.5 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, an

CVE-2024-45806 | affected: < 1.28.7 | CVSS 6.5 MEDIUM
Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to m

CVE-2024-39305 | affected: all versions | CVSS 6.5 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7, Envoy reference

CVE-2024-34364 | affected: < 1.27.6 | CVSS 5.7 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response,

CVE-2024-34363 | affected: >= 1.28.0 and < 1.28.4 | CVSS 7.5 HIGH
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could

CVE-2024-34362 | affected: < 1.27.6 | CVSS 5.9 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager (HCM) with `Envo

CVE-2024-32976 | affected: >= 1.18.0 and < 1.27.6 | CVSS 7.5 HIGH
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during d

CVE-2024-32975 | affected: < 1.27.6 | CVSS 5.9 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. There is a crash at QuicheDataReader::PeekVarInt62Length(). It is c

CVE-2024-32974 | affected: < 1.27.6 | CVSS 5.9 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersCompl

CVE-2024-23326 | affected: < 1.27.6 | CVSS 5.9 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if

CVE-2024-32475 | affected: >= 1.13.0 and < 1.27.5 | CVSS 7.5 HIGH
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with auto_sni enabled, a reque

CVE-2024-30255 | affected: < 1.26.8 | CVSS 5.3 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2,

CVE-2024-27919 | affected: all versions | CVSS 7.5 HIGH
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vuln

CVE-2024-23327 | affected: >= 1.26.0 and < 1.26.7 | CVSS 7.5 HIGH
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy i

CVE-2024-23325 | affected: >= 1.26.0 and < 1.26.7 | CVSS 7.5 HIGH
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t sup

CVE-2024-23324 | affected: >= 1.26.0 and < 1.26.7 | CVSS 8.6 HIGH
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstre

CVE-2024-23323 | affected: >= 1.26.0 and < 1.26.7 | CVSS 4.3 MEDIUM
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high C

CVE-2024-23322 | affected: >= 1.26.0 and < 1.26.7 | CVSS 7.5 HIGH
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The

CVE-2023-44487 | affected: all versions | CVSS 7.5 HIGH
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q

CVE-2023-35944 | affected: >= 1.23.0 and < 1.23.12 | CVSS 8.2 HIGH
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2,

CVE-2023-35943 | affected: >= 1.23.0 and < 1.23.12 | CVSS 6.3 MEDIUM
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1

CVE-2023-35942 | affected: >= 1.23.0 and < 1.23.12 | CVSS 6.5 MEDIUM
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1

CVE-2023-35941 | affected: >= 1.23.0 and < 1.23.12 | CVSS 8.6 HIGH
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1

CVE-2023-35945 | affected: < 1.23.11 | CVSS 7.5 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping s

CVE-2023-27496 | affected: < 1.22.9 | CVSS 6.5 MEDIUM
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1

CVE-2023-27493 | affected: < 1.22.9 | CVSS 8.1 HIGH
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1

CVE-2023-27492 | affected: < 1.22.9 | CVSS 4.8 MEDIUM
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1

CVE-2023-27491 | affected: < 1.22.9 | CVSS 5.4 MEDIUM
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malf

CVE-2023-27488 | affected: < 1.22.9 | CVSS 5.4 MEDIUM
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1

CVE-2023-27487 | affected: < 1.22.9 | CVSS 8.2 HIGH
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1

CVE-2022-29228 | affected: < 1.22.1 | CVSS 7.5 HIGH
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining fil

CVE-2022-29227 | affected: < 1.22.1 | CVSS 7.5 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an inter

CVE-2022-29226 | affected: < 1.22.1 | CVSS 10.0 CRITICAL
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mec

CVE-2022-29225 | affected: < 1.22.1 | CVSS 7.5 HIGH
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 decompressors accumulate decompressed data into an int

CVE-2022-29224 | affected: < 1.22.1 | CVSS 5.9 MEDIUM
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcH

CVE-2022-23606 | affected: >= 1.20.0 and < 1.20.2 | CVSS 4.4 MEDIUM
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Disc

CVE-2022-21657 | affected: < 1.18.6 | CVSS 6.8 MEDIUM
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restri

CVE-2022-21656 | affected: < 1.20.2 | CVSS 7.4 HIGH
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation us

CVE-2022-21655 | affected: < 1.18.6 | CVSS 7.5 HIGH
Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if a

CVE-2022-21654 | affected: >= 1.7.0 and < 1.18.6 | CVSS 7.4 HIGH
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert v

CVE-2021-43826 | affected: < 1.18.6 | CVSS 7.5 HIGH
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occu

CVE-2021-43825 | affected: < 1.18.6 | CVSS 6.1 MEDIUM
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must

CVE-2021-43824 | affected: < 1.18.6 | CVSS 7.5 HIGH
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request cra

CVE-2021-39206 | affected: < 1.16.5 | CVSS 8.6 HIGH
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vuln

CVE-2021-39204 | affected: <= 1.16.4 | CVSS 7.5 HIGH
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2

CVE-2021-39162 | affected: < 1.18.4 | CVSS 8.6 HIGH
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAW

CVE-2021-32781 | affected: >= 1.16.0 and < 1.16.5 | CVSS 8.6 HIGH
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versi

CVE-2021-32780 | affected: >= 1.18.0 and < 1.18.4 | CVSS 8.6 HIGH
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versi

CVE-2021-32779 | affected: >= 1.16.0 and < 1.16.5 | CVSS 8.6 HIGH
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versi

CVE-2021-32778 | affected: >= 1.16.0 and < 1.16.5 | CVSS 5.8 MEDIUM
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versi

CVE-2021-32777 | affected: >= 1.16.0 and < 1.16.5 | CVSS 8.6 HIGH
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versi

CVE-2021-29492 | affected: < 1.15.5 | CVSS 8.1 HIGH
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths

CVE-2021-29258 | affected: all versions | CVSS 7.5 HIGH
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map t

CVE-2021-28683 | affected: all versions | CVSS 7.5 HIGH
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an

CVE-2021-28682 | affected: all versions | CVSS 7.5 HIGH
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeo

CVE-2021-21378 | affected: all versions | CVSS 8.2 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication

CVE-2020-35471 | affected: < 1.16.1 | CVSS 7.5 HIGH
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larg

CVE-2020-35470 | affected: < 1.16.1 | CVSS 8.8 HIGH
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the informatio

CVE-2020-25018 | affected: >= 2d69e30 and < 3b5acb2 | CVSS 7.5 HIGH
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.

CVE-2020-25017 | affected: < 1.12.7 | CVSS 8.3 HIGH
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCo

CVE-2020-15104 | affected: < 1.12.6 | CVSS 4.6 MEDIUM
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wild

CVE-2020-8663 | affected: <= 1.12.4 | CVSS 7.5 HIGH
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.

CVE-2020-12605 | affected: <= 1.12.4 | CVSS 7.5 HIGH
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long

CVE-2020-12604 | affected: <= 1.12.4 | CVSS 7.5 HIGH
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client reques

CVE-2020-12603 | affected: <= 1.12.4 | CVSS 7.5 HIGH
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses

CVE-2020-11767 | affected: <= 1.14.1 | CVSS 3.1 LOW
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS)

CVE-2020-8660 | affected: < 1.12.3 | CVSS 5.3 MEDIUM
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a clien

CVE-2020-8664 | affected: <= 1.13.0 | CVSS 5.3 MEDIUM
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g

CVE-2020-8661 | affected: <= 1.13.0 | CVSS 7.5 HIGH
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.

CVE-2020-8659 | affected: <= 1.13.0 | CVSS 7.5 HIGH
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.

CVE-2019-18838 | affected: <= 1.12.1 | CVSS 7.5 HIGH
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally ge

CVE-2019-18802 | affected: <= 1.12.1 | CVSS 9.8 CRITICAL
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after t

CVE-2019-18801 | affected: <= 1.12.1 | CVSS 9.8 CRITICAL
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the

CVE-2019-18836 | affected: all versions | CVSS 7.5 HIGH
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being ab

CVE-2019-15226 | affected: all versions | CVSS 7.5 HIGH
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size o

CVE-2019-15225 | affected: <= 1.11.1 | CVSS 7.5 HIGH
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implement

CVE-2019-9901 | affected: <= 1.9.0 | CVSS 6.5 MEDIUM
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, t

CVE-2019-9900 | affected: <= 1.9.0 | CVSS 8.3 HIGH
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows

CVE-2018-17500 | affected: all versions | CVSS 2.9 LOW
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by t

CVE-2018-17499 | affected: all versions | CVSS 2.9 LOW
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by t

CVE-2019-7678 | affected: >= 3.0.0 and <= 3.9.0 | CVSS 9.8 CRITICAL
A directory traversal vulnerability was discovered in Enphase Envoy R3.. via images/, include/, include/js, or include/css on TC

CVE-2019-7677 | affected: >= 3.0.0 and <= 3.9.0 | CVSS 6.1 MEDIUM
XSS exists in Enphase Envoy R3.. via the profileName parameter to the /home URI on TCP port 8888.

CVE-2019-7676 | affected: >= 3.0.0 and <= 3.9.0 | CVSS 7.2 HIGH
A weak password vulnerability was discovered in Enphase Envoy R3... One can login via TCP port 8888 with the admin password for
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin