Envoy Gateway Authentication Bypass Leads to Secret Disclosure
A critical vulnerability in Envoy Gateway allows attackers to bypass path validation and access sensitive files on the gateway controller pod.
A critical security vulnerability, identified as CVE-2026-53713, affects Envoy Gateway. The flaw exists in the to_absolute_normalized_path function, which fails to correctly collapse redundant path separators. Because the security validation logic does not account for double-slash variants, attackers can bypass critical path checks to read arbitrary files from the gateway controller pod's filesystem.
This vulnerability, rated with a CVSS score of 9.1, permits the unauthorized retrieval of sensitive data including Kubernetes service account tokens, TLS certificates, and process environment variables. These credentials can subsequently be leveraged to access the Kubernetes API Server or the Gateway XDS server.
Users are urged to update to patched versions v1.7.4 or v1.8.1 to mitigate this risk. The fix ensures that redundant path separators are properly normalized and that directory traversal attempts are rejected. Additional risk reduction measures can be found in the official Lua documentation for Envoy Gateway.
Continue Reading
n8n Flaw Risks Multi-Issuer Hijacking
A critical identity-binding vulnerability in n8n's token exchange process allowed unauthorized account access across trusted issuers.
AI Agents Vulnerable to Data Injection
A new research paper details how 'probabilistic delimiter injection' allows attackers to bypass AI safety guards with fake data.
Critical Unauthenticated Access Flaw Found in Grafana OnCall
A critical vulnerability in Grafana OnCall allows unauthenticated remote attackers to gain full administrative access via hardcoded default identifiers.