CVE-2026-6994

MEDIUM

Envoy Query Parameter header_mutation.cc params.add injection

Title source: cna

Description

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch name: f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4. It is suggested to install a patch to address this issue.

References (5)

[Patch] https://github.com/envoyproxy/envoy/pull/43502/

[Patch] https://github.com/envoyproxy/envoy/commit/f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4

View Patch ZIP pw:eip

[Vdb Entry, Technical Description] https://vuldb.com/vuln/359546

[Signature, Permissions Required] https://vuldb.com/vuln/359546/cti

[Third Party Advisory] https://vuldb.com/submit/797241

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-707 CWE-74

Status published

Products (34)

None/Envoy 1.0

None/Envoy 1.1

None/Envoy 1.10

None/Envoy 1.11

None/Envoy 1.12

None/Envoy 1.13

None/Envoy 1.14

None/Envoy 1.15

None/Envoy 1.16

None/Envoy 1.17

... and 24 more

Published Apr 25, 2026

Tracked Since Apr 26, 2026