CVE-2026-6994

MEDIUM 6.3

Envoy Query Parameter header_mutation.cc params.add injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch name: f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4. It is suggested to install a patch to address this issue.

CWE	CWE-74 CWE-707
Vendor	n/a
Product	envoy
Published	Apr 25, 2026

Stay Ahead of the Next One

Get instant alerts for n/a envoy

Be the first to know when new medium vulnerabilities affecting n/a envoy are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / Envoy

1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 1.23 1.24 1.25 1.26 1.27 1.28 1.29 1.30 1.31 1.32 1.33.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/359546 vuldb.com: https://vuldb.com/vuln/359546/cti vuldb.com: https://vuldb.com/submit/797241 github.com: https://github.com/envoyproxy/envoy/pull/43502/ github.com: https://github.com/envoyproxy/envoy/commit/f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4

Credits

🔍 lukefr09 (VulDB User)