Projectcontour Contour — known CVE vulnerabilities
Every CVE whose affected-product data names Projectcontour Contour, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-36539 — CVSS 9.8 (critical): Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service…
CVE-2021-32783 — CVSS 8.5 (high): Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type…
CVE-2026-41246 — CVSS 8.1 (high): Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie…
CVE-2020-15127 — CVSS 7.5 (high): In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing…