PT-2026-2290 · Unknown · Envoy Gateway

Guydc +1 · Published 2026-01-12 · Updated 2026-01-26 · CVE-2026-22771

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Envoy Gateway versions prior to 1.5.7
Envoy Gateway versions prior to 1.6.2

Description

Envoy Gateway is an open source project for managing Envoy Proxy. EnvoyExtensionPolicy Lua scripts executed by the proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to secrets used by Envoy proxy, such as TLS private keys and credentials used for upstream and downstream communication.

Recommendations

Update Envoy Gateway to version 1.5.7 or later.
Update Envoy Gateway to version 1.6.2 or later.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

BDU:2026-01040
BIT-ENVOY-GATEWAY-2026-22771
CVE-2026-22771
GHSA-XRWG-MQJ6-6M22
GO-2026-4312
SUSE-SU-2026:0292-1

Affected products

Envoy Gateway