Envoy

This hub aggregates every CVE we track for Envoy, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Envoy.

• CVE-2026-47774Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification7.5Jun 17, 2026
• CVE-2026-49975Apache HTTP Server: mod_http2 denial of service7.5Jun 8, 2026
• CVE-2026-26330Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly5.3Mar 10, 2026
• CVE-2026-26311Envoy HTTP: filter chain execution on reset streams causing UAF crash5.9Mar 10, 2026
• CVE-2026-26310Crash for scoped ip address in Envoy during DNS5.9Mar 10, 2026
• CVE-2026-26309Envoy has an off-by-one write in JsonEscaper::escapeString()5.3Mar 10, 2026
• CVE-2026-26308Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation7.5Mar 10, 2026
• CVE-2025-66220Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte5.0Dec 3, 2025
• CVE-2025-64763Envoy forwards early CONNECT data in TCP proxy mode3.7Dec 3, 2025
• CVE-2025-64527Envoy crashes when JWT authentication is configured with the remote JWKS fetching6.5Dec 3, 2025
• CVE-2025-62504Envoy Lua filter use-after-free when oversized rewritten response body causes crash6.5Oct 16, 2025
• CVE-2025-62409Envoy allows large requests and responses to cause TCP connection pool crash7.5Oct 16, 2025
• CVE-2025-55162Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag6.3Sep 3, 2025
• CVE-2025-54588Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults7.5Sep 2, 2025
• CVE-2025-46821Envoy vulnerable to bypass of RBAC uri_template permission5.3May 7, 2025