Every CVE whose affected-product data names Envoyproxy Envoy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (110)
CVE-2022-29226 — CVSS 10.0 (critical): Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism…
CVE-2019-18801 — CVSS 9.8 (critical): An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request…
CVE-2019-18802 — CVSS 9.8 (critical): An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header…
CVE-2020-35470 — CVSS 8.8 (high): Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the…
CVE-2021-32780 — CVSS 8.6 (high): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy…
CVE-2021-32781 — CVSS 8.6 (high): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after…
CVE-2023-35941 — CVSS 8.6 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10…
CVE-2021-32777 — CVSS 8.6 (high): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when…
CVE-2021-32779 — CVSS 8.6 (high): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy…
CVE-2021-39162 — CVSS 8.6 (high): Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and…
CVE-2021-39206 — CVSS 8.6 (high): Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related…
CVE-2024-23324 — CVSS 8.6 (high): Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream…
CVE-2020-25017 — CVSS 8.3 (high): Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy()…
CVE-2019-9900 — CVSS 8.3 (high): When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote…
CVE-2023-35944 — CVSS 8.2 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however…
CVE-2023-27487 — CVSS 8.2 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6…
CVE-2021-21378 — CVSS 8.2 (high): Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by…
CVE-2021-29492 — CVSS 8.1 (high): Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in…
CVE-2023-27493 — CVSS 8.1 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6…
CVE-2025-54588 — CVSS 7.5 (high): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through…
CVE-2019-15226 — CVSS 7.5 (high): Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the…
CVE-2019-18836 — CVSS 7.5 (high): Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to…
CVE-2019-18838 — CVSS 7.5 (high): An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated…
CVE-2020-12603 — CVSS 7.5 (high): Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with…
CVE-2020-12604 — CVSS 7.5 (high): Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a…
CVE-2020-12605 — CVSS 7.5 (high): Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field…
CVE-2020-25018 — CVSS 7.5 (high): Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
CVE-2020-35471 — CVSS 7.5 (high): Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than…
CVE-2020-8663 — CVSS 7.5 (high): Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
CVE-2021-28682 — CVSS 7.5 (high): An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value…
CVE-2021-28683 — CVSS 7.5 (high): An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown…
CVE-2021-29258 — CVSS 7.5 (high): An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a…
CVE-2021-39204 — CVSS 7.5 (high): Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams…
CVE-2021-43824 — CVSS 7.5 (high): Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes…
CVE-2021-43826 — CVSS 7.5 (high): Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when…
CVE-2022-21655 — CVSS 7.5 (high): Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an…
CVE-2022-29225 — CVSS 7.5 (high): Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate…
CVE-2022-29227 — CVSS 7.5 (high): Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal…
CVE-2022-29228 — CVSS 7.5 (high): Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in…
CVE-2023-35945 — CVSS 7.5 (high): Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures…
CVE-2024-23322 — CVSS 7.5 (high): Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash…
CVE-2024-23325 — CVSS 7.5 (high): Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by…
CVE-2024-23327 — CVSS 7.5 (high): Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance…
CVE-2024-27919 — CVSS 7.5 (high): Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to…
CVE-2024-32475 — CVSS 7.5 (high): Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request…
CVE-2024-32976 — CVSS 7.5 (high): Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during…
CVE-2024-34363 — CVSS 7.5 (high): Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an…
CVE-2024-45807 — CVSS 7.5 (high): Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there…
CVE-2024-53270 — CVSS 7.5 (high): Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active…
CVE-2019-15225 — CVSS 7.5 (high): In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A…
CVE-2025-62409 — CVSS 7.5 (high): Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can…
CVE-2026-26308 — CVSS 7.5 (high): Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access…
CVE-2026-47220 — CVSS 7.5 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the…
CVE-2026-47774 — CVSS 7.5 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and…
CVE-2026-48042 — CVSS 7.5 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1…
CVE-2026-48044 — CVSS 7.5 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and…
CVE-2026-48743 — CVSS 7.5 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy…
CVE-2022-21656 — CVSS 7.4 (high): Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to…
CVE-2022-21654 — CVSS 7.4 (high): Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation…
CVE-2024-53271 — CVSS 7.1 (high): Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101…
CVE-2022-21657 — CVSS 6.8 (medium): Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the…
CVE-2026-47775 — CVSS 6.8 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the…
CVE-2026-47204 — CVSS 6.5 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and…
CVE-2026-47207 — CVSS 6.5 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and…
CVE-2024-39305 — CVSS 6.5 (medium): Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already…
CVE-2024-45806 — CVSS 6.5 (medium): Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate…
CVE-2023-35942 — CVSS 6.5 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10…
CVE-2024-45808 — CVSS 6.5 (medium): Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious…
CVE-2023-27496 — CVSS 6.5 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6…
CVE-2024-45810 — CVSS 6.5 (medium): Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling…
CVE-2025-30157 — CVSS 6.5 (medium): Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP…
CVE-2019-9901 — CVSS 6.5 (medium): Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass…
CVE-2025-62504 — CVSS 6.5 (medium): Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free…
CVE-2025-64527 — CVSS 6.5 (medium): Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT…
CVE-2025-55162 — CVSS 6.3 (medium): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10…
CVE-2023-35943 — CVSS 6.3 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10…
CVE-2021-43825 — CVSS 6.1 (medium): Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop…
CVE-2026-26310 — CVSS 5.9 (medium): Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort…
CVE-2026-48090 — CVSS 5.9 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2…
CVE-2024-32974 — CVSS 5.9 (medium): Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()`…
CVE-2026-26311 — CVSS 5.9 (medium): Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP…
CVE-2026-48706 — CVSS 5.9 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and…
CVE-2024-34362 — CVSS 5.9 (medium): Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with…
CVE-2026-47221 — CVSS 5.9 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and…
CVE-2024-23326 — CVSS 5.9 (medium): Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server…
CVE-2026-47205 — CVSS 5.9 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a…
CVE-2024-32975 — CVSS 5.9 (medium): Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by…
CVE-2022-29224 — CVSS 5.9 (medium): Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the…
CVE-2026-48497 — CVSS 5.9 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in…
CVE-2021-32778 — CVSS 5.8 (medium): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions…
CVE-2024-34364 — CVSS 5.7 (medium): Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since…
CVE-2023-27491 — CVSS 5.4 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed…
CVE-2023-27488 — CVSS 5.4 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6…
CVE-2025-46821 — CVSS 5.3 (medium): Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher…
CVE-2026-26309 — CVSS 5.3 (medium): Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in…
CVE-2024-45809 — CVSS 5.3 (medium): Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with…
CVE-2026-26330 — CVSS 5.3 (medium): Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the…
CVE-2024-30255 — CVSS 5.3 (medium): Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4…
CVE-2020-8660 — CVSS 5.3 (medium): CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using…
CVE-2025-66220 — CVSS 5.0 (medium): Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher…
CVE-2023-27492 — CVSS 4.8 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6…
CVE-2026-47692 — CVSS 4.8 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and…
CVE-2020-15104 — CVSS 4.6 (medium): In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS…
CVE-2024-53269 — CVSS 4.5 (medium): Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs…
CVE-2022-23606 — CVSS 4.4 (medium): Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery…
CVE-2026-47778 — CVSS 4.4 (medium): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a…
CVE-2024-23323 — CVSS 4.3 (medium): Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage…
CVE-2025-64763 — CVSS 3.7 (low): Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP…
CVE-2020-11767 — CVSS 3.1 (low): Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to…