101 CVEs

1 in CISA KEV

envoyproxy Vulnerabilities

CVE security advisories and vulnerability history for envoyproxy.

101

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

24

Public exploits

With known exploit

6.8

Avg CVSS

2019–2026

Overview

envoyproxy has 101 published CVE records since 2019, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 24 have a known public exploit. The average CVSS base score across scored CVEs is 6.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting envoyproxy products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of envoyproxy's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High38

Medium39

Low1

22 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of envoyproxy's CVEs is confirmed exploited in the wild.

Public exploits

24

24 of envoyproxy's CVEs have a known public exploit available.

Most affected products

The envoyproxy products with the most published CVEs.

envoy98 CVEs
github.com/envoyproxy/envoy11 CVEs
openshift service mesh4 CVEs
github.com/pomerium/pomerium3 CVEs
envoy-gateway3 CVEs
github.com/envoyproxy/gateway3 CVEs
gateway3 CVEs
istio3 CVEs

Common weakness types

The CWE weakness categories most often found in envoyproxy CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish envoyproxy CVE records.

Disclosure activity by year

How many envoyproxy CVEs were published each year.

2019

8

2020

14

2021

13

2022

13

2023

12

2024

24

2025

11

2026

6

Latest envoyproxy CVEs

The most recently disclosed vulnerabilities affecting envoyproxy.

Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly
CWE-416
Medium · CVSS 5.3
EPSS 0.0%2026-03-10
Envoy HTTP: filter chain execution on reset streams causing UAF crash
CWE-416
Medium · CVSS 5.9
EPSS 0.0%2026-03-10
Crash for scoped ip address in Envoy during DNS
CWE-20
Medium · CVSS 5.9
EPSS 0.0%2026-03-10
Envoy has an off-by-one write in JsonEscaper::escapeString()
CWE-193
Medium · CVSS 5.3
EPSS 0.0%2026-03-10
Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation
CWE-863
High · CVSS 7.5
EPSS 0.0%2026-03-10
Envoy Extension Policy lua scripts injection causes arbitrary command execution
CWE-94
High · CVSS 8.8
EPSS 0.0%2026-01-12
Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
CWE-170
Medium · CVSS 5.0
EPSS 0.0%2025-12-03
Envoy forwards early CONNECT data in TCP proxy mode
CWE-693
Low · CVSS 3.7
EPSS 0.0%2025-12-03
Envoy crashes when JWT authentication is configured with the remote JWKS fetching
CWE-476
Medium · CVSS 6.5
EPSS 0.0%2025-12-03
Envoy Lua filter use-after-free when oversized rewritten response body causes crash
CWE-416
Medium · CVSS 6.5
EPSS 0.0%2025-10-16
Envoy allows large requests and responses to cause TCP connection pool crash
CWE-476
Medium · CVSS 6.6
EPSS 0.0%2025-10-16
Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag
CWE-613
Medium · CVSS 6.3
EPSS 0.0%2025-09-03

Track new envoyproxy CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor envoyproxy CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about envoyproxy vulnerabilities.

How many CVEs does envoyproxy have?

envoyproxy has 101 published CVE records since 2019, including 17 in the last two years.

How many envoyproxy CVEs are in CISA KEV?

Yes — 1 of envoyproxy's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which envoyproxy products have the most CVEs?

The envoyproxy products with the most published CVEs are envoy, github.com/envoyproxy/envoy, openshift service mesh, github.com/pomerium/pomerium, envoy-gateway.

What are the most common weakness types in envoyproxy CVEs?

envoyproxy's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-20 (Improper Input Validation), CWE-400 (Uncontrolled Resource Consumption), CWE-476 (NULL Pointer Dereference).

Are there public exploits for envoyproxy vulnerabilities?

Yes — 24 of envoyproxy's CVEs have a known public exploit.

How many critical envoyproxy vulnerabilities are there?

envoyproxy has 1 critical and 38 high-severity CVEs.

What is the average severity of envoyproxy CVEs?

The average CVSS base score across envoyproxy's scored CVEs is 6.8.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track envoyproxy vulnerabilities

Monitor new envoyproxy vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing