CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
In Envoy from version 1.36.0 to 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability exists in the ext_authz HTTP filter. It occurs when processing per-route authorization overrides concurrently with rapid downstream client disconnects, leading to a segmentation fault and process crash.
A vulnerability in Devolutions Remote Desktop Manager allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name collision with an existing VPN script link. The issue affects the custom PowerShell VPN editor in versions 2026.2.5 through 2026.2.11.
The extract-zip library does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip extracts the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files.
The mise tool (versions from 2026.3.15 to 2026.6.4) loads github.credential_command from a local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a repository can execute arbitrary shell commands when the victim runs a GitHub-related mise command and no higher-priority GitHub token environment variable is set.
Vulnerability in mise (versions prior to 2026.6.4) allows remote code execution without user interaction. The trust mechanism does not cover task-include files, enabling arbitrary command execution via tera templates with exec() function. Simply entering a directory with a repository and listing tasks (e.g., mise tasks) or using Tab completion triggers the exploit.
A vulnerability in mise (versions prior to 2026.6.1) allows creating a symlink outside the install directory by manipulating the version string in .tool-versions. The issue occurs in the HTTP backend, which uses the unsanitized version value to build the symlink path.
A vulnerability in DragonflyDB before version 1.39.0 allows remote server crash by sending a crafted RESTORE command. A specially crafted payload triggers an out-of-bounds read during listpack collection loading, causing a process crash (SIGSEGV).
Envoy before versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 mishandles HTTP/3 requests with a non-zero Content-Length header that are complete at the transport layer (HEADERS with FIN). This results in an upstream HTTP/1 request with unresolved body debt, enabling desynchronization and route bypass.
In Envoy from version 1.34.0 to 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in the TcpStatsdSink component where the thread-local flusher buffer can be overflowed by exceptionally long statistic names (e.g., >16 KiB). An attacker can send an HTTP or gRPC request with an extremely long path (:path) recorded by the grpc_stats filter configured with stats_for_all_methods: true, causing a heap write overflow.
In Envoy, when the UDP DNS filter is configured with local or remote resolution for a name of 255 octets, a query with such a name causes abnormal process termination. This is due to an invalid runtime precondition that the name must be strictly less than 255 octets, contradicting RFC 1035.
In Envoy from version 1.23.0 to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability was found in the zstd decompressor implementation (ZstdDecompressorImpl). Processing a specially crafted, highly compressed zstd payload can lead to massive memory allocation. An attacker can exploit this to cause memory exhaustion, resulting in an OOM kill and Denial of Service (DoS) for the Envoy proxy.
In Envoy, an open-source edge and service proxy for cloud-native applications, the destructor of a JSON object causes a stack overflow when deeply nested objects (around 100k levels) are present. The vulnerability affects versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1.
A vulnerability in Envoy's TLS certificate validation allows an attacker to serve a certificate with a dNSName SAN containing an embedded NUL byte. Due to improper C-string casting, the domain name is truncated at the NUL, bypassing the exact match check and enabling unauthorized upstream routing.
Envoy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 has a vulnerability in the OAuth2 filter where encrypt()/decrypt() functions use AES-256-CBC without an authentication tag. An attacker can exploit a padding oracle on the /callback endpoint to recover the plaintext PKCE code_verifier from the encrypted CodeVerifier cookie.
A vulnerability in Envoy's PROXY Protocol v2 header generator allows TLVs to exceed the maximum length of 65535 bytes, causing a mismatch between written bytes and the length field, enabling byte smuggling in upstream requests.
Envoy contains a null pointer dereference vulnerability in the router filter when handling HTTP 303 internal redirects for body-less requests (POST, PUT, DELETE, PATCH). An attacker can send such a request to a properly configured route, causing a crash of the entire Envoy process.
Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This occurs when the first response in the batch causes the gRPC stream object to be destroyed, leading to a use-after-free error when Envoy attempts to process subsequent responses in the same gRPC message.
A vulnerability in Dragonfly before version 1.39.9 allows RESP protocol injection via the redis.error_reply() function in Lua within EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients.
A vulnerability in the envoy.filters.http.grpc_stats filter causes a null pointer dereference crash in Envoy when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hits a direct_response route. Affects versions from 1.26.0 through 1.35.13, 1.36.9, 1.37.5, and 1.38.3.
The mise tool prior to version 2026.3.10 processes .tool-versions files through the Tera template engine with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode, allowing an attacker to place a malicious file in a git repository and execute commands without a trust prompt.

