Known Vulnerabilities for Envoy by Cncf
Listed below are 3 of the newest known vulnerabilities associated with "Envoy" by "Cncf".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33726 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8,... | Not Provided | 2026-03-27 | 2026-03-27 |
| CVE-2026-32811 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decisi... | Not Provided | 2026-03-20 | 2026-03-21 |
| CVE-2025-23556 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netbitsolutions Push En... | Not Provided | 2025-03-03 | 2026-04-01 |
| CVE-2020-8664 | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret... | 5.3 - MEDIUM | 2020-03-04 | 2021-07-21 |
| CVE-2020-8661 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. | 7.5 - HIGH | 2020-03-04 | 2022-05-24 |
| CVE-2020-8659 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many smal... | 7.5 - HIGH | 2020-03-04 | 2022-09-30 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cncf | Envoy | 1.13.0 | All | All | All |