PT-2026-2290 · Unknown · Envoy Gateway
Guydc +1 · Published 2026-01-12 · Updated 2026-01-26 · CVE-2026-22771
| CVSS v2.0 | 9.0 High |
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Envoy Gateway versions prior to 1.5.7
Envoy Gateway versions prior to 1.6.2
Description
Envoy Gateway is an open source project for managing Envoy Proxy. EnvoyExtensionPolicy Lua scripts executed by the proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to secrets used by Envoy proxy, such as TLS private keys and credentials used for upstream and downstream communication.
Recommendations
Update Envoy Gateway to version 1.5.7 or later.
Update Envoy Gateway to version 1.6.2 or later.
Code Injection
Affected Products
Envoy Gateway