Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

envoy — Vulnerabilities & Security Advisories 89

All 89 CVE vulnerabilities found in envoy, with AI-generated Chinese analysis, references, and POCs.

This page documents vulnerability aggregations for the Envoy proxy platform, specifically focusing on Common Weakness Enumeration classifications and associated security tags. It compiles a comprehensive collection of identified security flaws affecting the product, covering historical data from its initial releases through to the most recent patches released in the current year. Visitors to this resource can effectively track vendor security advisories to stay informed about critical updates, gain a deeper understanding of specific weakness classes prevalent in the codebase, and look up the product’s complete vulnerability history to assess long-term risk trends. The data includes various types of issues ranging from memory safety errors to configuration vulnerabilities that may impact service availability or confidentiality. By centralizing these findings, the page serves as a reference for security professionals and developers seeking to understand the threat landscape surrounding the Envoy service mesh component. Users can correlate reported weaknesses with specific versions and understand the remediation efforts applied by the maintainers over time. This structured approach allows for better risk assessment and prioritization of security hygiene tasks within infrastructure managed by this popular open-source proxy. The aggregation ensures that stakeholders have a clear view of the security posture without needing to search through disparate sources.

Vendor: envoyproxy

CVE IDTitleCVSSSeverityPublished
CVE-2026-47692 Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream CWE-130 4.8 Medium2026-06-26
CVE-2026-47207 Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message CWE-416 6.5 Medium2026-06-26
CVE-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink CWE-120 5.9 Medium2026-06-26
CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes CWE-476 6.5 Medium2026-06-26
CVE-2026-47221 Envoy: Null pointer deref in internal redirects CWE-476 5.9 Medium2026-06-26
CVE-2026-48743 Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length CWE-444 7.5 High2026-06-26
CVE-2026-48497 Envoy: Abnormal process termination in DNS UDP filter CWE-480 5.9 Medium2026-06-26
CVE-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion CWE-409 7.5 High2026-06-26
CVE-2026-48042 Envoy: Stack overflow in destructor of highly nested JSON CWE-1124 7.5 High2026-06-26
CVE-2026-47778 Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass) CWE-158 4.4 Medium2026-06-26
CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption CWE-209 6.8 Medium2026-06-26
CVE-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification CWE-405 7.5 High2026-06-17
CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection CWE-74 6.3 Medium2026-04-25
CVE-2026-26330 Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly CWE-416 5.3 Medium2026-03-10
CVE-2026-26311 Envoy HTTP: filter chain execution on reset streams causing UAF crash CWE-416 5.9 Medium2026-03-10
CVE-2026-26310 Crash for scoped ip address in Envoy during DNS CWE-20 5.9 Medium2026-03-10
CVE-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString() CWE-193 5.3 Medium2026-03-10
CVE-2026-26308 Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation CWE-863 7.5 High2026-03-10
CVE-2025-66220 Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte CWE-170 5.0 Medium2025-12-03
CVE-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode CWE-693 3.7 Low2025-12-03
CVE-2025-64527 Envoy crashes when JWT authentication is configured with the remote JWKS fetching CWE-476 6.5 Medium2025-12-03
CVE-2025-62504 Envoy Lua filter use-after-free when oversized rewritten response body causes crash CWE-416 6.5 Medium2025-10-16
CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash CWE-476 7.5AIHighAI2025-10-16
CVE-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag CWE-613 6.3 Medium2025-09-03
CVE-2025-54588 Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults CWE-416 7.5 High2025-09-02
CVE-2025-46821 Envoy vulnerable to bypass of RBAC uri_template permission CWE-186 5.3 Medium2025-05-07
CVE-2025-30157 Envoy crashes when HTTP ext_proc processes local replies CWE-460 6.5 Medium2025-03-21
CVE-2024-53271 HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy CWE-670 7.1 High2024-12-18
CVE-2024-53270 HTTP/1: sending overload crashes when the request is reset beforehand in envoy CWE-670 7.5 High2024-12-18
CVE-2024-53269 Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy CWE-670 4.5 Medium2024-12-18

All 89 known CVE vulnerabilities affecting envoy with full Chinese analysis, references, and POCs where available.