CVE-2026-6994

Summary

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch name: f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4. It is suggested to install a patch to address this issue.

Affected Software

VendorProductVersion RangeStatus
n/aEnvoy1.0affected
n/aEnvoy1.1affected
n/aEnvoy1.2affected
n/aEnvoy1.3affected
n/aEnvoy1.4affected
n/aEnvoy1.5affected
n/aEnvoy1.6affected
n/aEnvoy1.7affected
n/aEnvoy1.8affected
n/aEnvoy1.9affected
n/aEnvoy1.10affected
n/aEnvoy1.11affected
n/aEnvoy1.12affected
n/aEnvoy1.13affected
n/aEnvoy1.14affected
n/aEnvoy1.15affected
n/aEnvoy1.16affected
n/aEnvoy1.17affected
n/aEnvoy1.18affected
n/aEnvoy1.19affected
n/aEnvoy1.20affected
n/aEnvoy1.21affected
n/aEnvoy1.22affected
n/aEnvoy1.23affected
n/aEnvoy1.24affected
n/aEnvoy1.25affected
n/aEnvoy1.26affected
n/aEnvoy1.27affected
n/aEnvoy1.28affected
n/aEnvoy1.29affected
n/aEnvoy1.30affected
n/aEnvoy1.31affected
n/aEnvoy1.32affected
n/aEnvoy1.33.0affected

Weaknesses

  • CWE-74: Injection
  • CWE-707: Improper Neutralization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References