Envoyproxy Envoy
71 CVEs affecting Envoyproxy Envoy. Latest disclosed: 2026-03-10. Critical: 1, High: 33.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-29226 | Critical | 10.0 | 2022-06-09 | Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access… |
| CVE-2024-23324 | High | 8.6 | 2024-02-09 | Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid… |
| CVE-2023-35941 | High | 8.6 | 2023-07-25 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malici… |
| CVE-2021-32780 | High | 8.6 | 2021-08-24 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 c… |
| CVE-2021-32781 | High | 8.6 | 2021-08-24 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a local… |
| CVE-2021-32779 | High | 8.6 | 2021-08-24 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled… |
| CVE-2021-32777 | High | 8.6 | 2021-08-24 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension… |
| CVE-2023-35944 | High | 8.2 | 2023-07-25 | Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme… |
| CVE-2023-27487 | High | 8.2 | 2023-04-04 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client… |
| CVE-2021-21378 | High | 8.2 | 2021-03-11 | Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token wit… |
| CVE-2023-27493 | High | 8.1 | 2023-04-04 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does… |
| CVE-2021-29492 | High | 8.1 | 2021-05-28 | Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and befor… |
| CVE-2026-26308 | High | 7.5 | 2026-03-10 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains… |
| CVE-2025-54588 | High | 7.5 | 2025-09-02 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 cont… |
| CVE-2024-53270 | High | 7.5 | 2024-12-18 | Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when… |
| CVE-2024-45807 | High | 7.5 | 2024-09-19 | Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs ar… |
| CVE-2024-32976 | High | 7.5 | 2024-06-04 | Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data w… |
| CVE-2024-34363 | High | 7.5 | 2024-06-04 | Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception… |
| CVE-2024-32475 | High | 7.5 | 2024-04-18 | Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:auth… |
| CVE-2024-27919 | High | 7.5 | 2024-04-04 | Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTIN… |