Authorization Bypass via Double-Slash Path Misinterpretation in OPA Envoy Plugin
Security AdvisoryHighOpen Policy Agent
Affected:
- open-policy-agent/opa-envoy-plugin <= v1.13.1-envoy
- openpolicyagent/opa:*-envoy <= 1.13.1-envoy
- openpolicyagent/opa:*-envoy <= 1.13.1-envoy-static
Fixed in:
- v1.13.2-envoy-2
- 1.13.2-envoy-2
- 1.13.2-envoy-2-static
参照 CVE: CVE-2026-26205
文章内图片已隐藏以节省流量 · 升级 Pro 后可见图片及离线存档
本文由本平台从 github.com 自动抓取,经 LLM 流水线清洗、双语翻译。版权归原作者。查看原文。