CRITICAL | 10.0 | CVE-2019-9901 | EnvoyProxy Envoy Missing HTTP URL path normalization | from 0, < 1.9.1
HIGH | 7.5 | CVE-2026-26308 | Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation | >= 1.37.0, < 1.37.1
HIGH | 7.5 | Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults | >= 1.35.0, < 1.35.1
MEDIUM | 6.5 | Envoy crashes when JWT authentication is configured with the remote JWKS fetching | >= 1.36.0, < 1.36.3
MEDIUM | 6.5 | Envoy crashes when HTTP ext_proc processes local replies | from 0, < 1.30.10
MEDIUM | 5.9 | Envoy HTTP: filter chain execution on reset streams causing UAF crash
MEDIUM | 5.9 | Crash for scoped ip address in Envoy during DNS
MEDIUM | 5.3 | Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly
MEDIUM | 5.3 | Envoy has an off-by-one write in JsonEscaper::escapeString()
MEDIUM | 5.0 | Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte | >= 1.36.0, < 1.36.3
LOW | 3.7 | Envoy forwards early CONNECT data in TCP proxy mode | >= 1.36.0, < 1.36.3