Auth bypass in Dadrus Heimdall
CVE-2026-32811
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with no…
EPSS: 0.000 (3.4th percentile).
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N.
Affected products
- Dadrus Heimdall — versions >= 0.7.0-alpha, < 0.17.11
Weakness classification (CWE)
- Improper Encoding or Escaping of Output (CWE-116)
References
- https://github.com/dadrus/heimdall/security/advisories/GHSA-r8x2-fhmf-6mxp (x_refsource_CONFIRM)
- https://github.com/dadrus/heimdall/pull/3106 (x_refsource_MISC)
- https://github.com/dadrus/heimdall/commit/50321b3007db1ccafdc6b1cfd6bdc3689c19a502 (x_refsource_MISC)
- https://github.com/envoyproxy/envoy/blob/105b4acd422d67fcff908ec38d91c7676d079939/api/envoy/service/auth/v3/attribute_context.proto#L146-L147 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-32811?
- CVE-2026-32811 is a high-severity vulnerability in Dadrus Heimdall, classified under Improper Encoding or Escaping of Output. CVSS score: 8.2/10. Published 2026-03-20.
- How severe is CVE-2026-32811?
- High severity. CVSS v3 base score is 8.2 out of 10.