Known Vulnerabilities for Envoy by Envoyproxy
Listed below are 10 of the newest known vulnerabilities associated with "Envoy" by "Envoyproxy".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33726 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8,... | Not Provided | 2026-03-27 | 2026-03-27 |
| CVE-2026-32811 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decisi... | Not Provided | 2026-03-20 | 2026-03-21 |
| CVE-2025-23556 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netbitsolutions Push En... | Not Provided | 2025-03-03 | 2026-04-01 |
| CVE-2022-23606 | Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster... | 6.5 - MEDIUM | 2022-02-22 | 2022-03-02 |
| CVE-2022-21657 | Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not r... | 6.5 - MEDIUM | 2022-02-22 | 2022-03-07 |
| CVE-2022-21656 | Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementati... | 5.9 - MEDIUM | 2022-02-22 | 2023-07-24 |
| CVE-2022-21655 | Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault... | 7.5 - HIGH | 2022-02-22 | 2022-03-02 |
| CVE-2022-21654 | Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some c... | 9.8 - CRITICAL | 2022-02-22 | 2022-03-03 |
| CVE-2021-29492 | Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL ... | 8.3 - HIGH | 2021-05-28 | 2021-12-10 |
| CVE-2021-29258 | An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA ... | 7.5 - HIGH | 2021-05-20 | 2021-05-27 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Envoyproxy | Envoy | 3b5acb2 | All | All | All |
| Application | Envoyproxy | Envoy | 2d69e30 | All | All | All |
| Application | Envoyproxy | Envoy | 1.9.1 | All | All | All |
| Application | Envoyproxy | Envoy | 1.9.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.8.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.7.1 | All | All | All |
| Application | Envoyproxy | Envoy | 1.7.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.6.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.5.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.4.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.3.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.2.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.16.2 | All | All | All |
| Application | Envoyproxy | Envoy | 1.16.1 | All | All | All |
| Application | Envoyproxy | Envoy | 1.16.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.15.3 | All | All | All |
| Application | Envoyproxy | Envoy | 1.15.2 | All | All | All |
| Application | Envoyproxy | Envoy | 1.15.1 | All | All | All |
| Application | Envoyproxy | Envoy | 1.15.0 | All | All | All |
| Application | Envoyproxy | Envoy | 1.14.6 | All | All | All |