Browse all 3 CVE security advisories affecting projectcontour. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Projectcontour is an API management platform designed to streamline service mesh operations and microservice communication. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The platform's exposure to unauthenticated endpoints has allowed attackers to execute arbitrary code or bypass security restrictions. While no major public incidents have been widely documented, its three recorded CVEs highlight consistent weaknesses in input handling and authentication mechanisms, requiring rigorous patch management and secure configuration to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41246 | Contour: Lua code injection via Cookie Path Rewrite Policy — contour, CWE-94 | 8.1 | High | 2026-04-23 |
| CVE-2021-32783 | Authorization bypass in Contour — contour, CWE-441 | 8.5 | High | 2021-07-23 |
| CVE-2020-15127 | Denial of service in Contour — contour, CWE-306 | 7.5 | High | 2020-08-05 |
This page lists every published CVE security advisory associated with projectcontour. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.