Gateway
This hub aggregates every CVE we track for Gateway, a product in the ICS/OT/IoT space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 73
- Critical: 12
- High: 32
- In CISA KEV: 4
Severity distribution
HIGH: 32, MEDIUM: 29, CRITICAL: 12
Monthly trend
Monthly counts, 2024-07 to 2026-06: 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 2, 0, 3, 0, 0, 1, 1, 1, 0, 3, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Gateway.
- CVE-2026-3055: Insufficient input validation leading to memory overread [KEV] (9.8)
- CVE-2026-4368: Race Condition leading to User Session Mixup (8.8)
- CVE-2026-32621: Apollo Federation has prototype pollution via incomplete key sanitization (9.9)
- CVE-2026-22771: Envoy Extension Policy lua scripts injection causes arbitrary command execution (8.8)
- CVE-2025-66405: Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host (9.8)
- CVE-2025-12101: Cross-Site Scripting (XSS) (8.8)
- CVE-2025-8424: Improper access control on the NetScaler Management Interface (9.6)
- CVE-2025-7776: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service (9.8)
- CVE-2025-7775: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service [KEV] (9.8)
- CVE-2025-6543: Memory overflow vulnerability leading to unintended control flow and Denial of Service [KEV] (9.8)
- CVE-2025-5777: NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread [KEV] (7.5)
- CVE-2025-25294: Envoy Gateway Log Injection Vulnerability (5.3)
- CVE-2025-24030: Envoy Admin Interface Exposed through prometheus metrics endpoint (7.1)
- CVE-2023-24487: Arbitrary file read (6.3)
- CVE-2023-24488: Cross site scripting (6.1)
Product normalization is registry-driven with AI assist and human review.