CVE-2026-6994: Injection in Envoy
CVE-2026-6994 is a medium severity vulnerability in Envoy up to version 1. 33. 0 involving an injection weakness in the Query Parameter Handler component. The issue exists in the function params. add within the header_mutation. cc source file. This vulnerability allows remote attackers to perform injection attacks. A patch identified by commit f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4 is suggested to address the issue. No official remediation level or vendor advisory is provided in the available data. The CVSS 4.
AI Analysis
Technical Summary
Envoy versions 1.0 through 1.33.0 contain an injection vulnerability in the Query Parameter Handler, specifically in the params.add function of source/extensions/filters/http/header_mutation/header_mutation.cc. This flaw allows remote attackers to inject malicious input via query parameters. The vulnerability has a CVSS 4.0 score of 5.3, indicating medium severity. A patch commit (f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4) has been identified to fix the issue, but no explicit vendor advisory or remediation level is provided. There are no known exploits in the wild at this time.
Potential Impact
The vulnerability enables remote attackers to perform injection attacks through query parameters, potentially leading to unintended behavior or compromise of the Envoy proxy. The CVSS score of 5.3 indicates a medium impact with network attack vector and no required user interaction. The vulnerability affects all Envoy versions up to 1.33.0. No known active exploitation has been reported.
Mitigation Recommendations
A patch identified by commit f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4 is suggested to remediate this vulnerability. Since no official vendor advisory or remediation level is provided, users should apply this patch or upgrade to a fixed version as soon as possible. Patch status is not yet confirmed by the vendor advisory; therefore, check the vendor's official resources for current remediation guidance.
CVE-2026-6994: Injection in Envoy
Description
CVE-2026-6994 is a medium severity vulnerability in Envoy up to version 1. 33. 0 involving an injection weakness in the Query Parameter Handler component. The issue exists in the function params. add within the header_mutation. cc source file. This vulnerability allows remote attackers to perform injection attacks. A patch identified by commit f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4 is suggested to address the issue. No official remediation level or vendor advisory is provided in the available data. The CVSS 4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Envoy versions 1.0 through 1.33.0 contain an injection vulnerability in the Query Parameter Handler, specifically in the params.add function of source/extensions/filters/http/header_mutation/header_mutation.cc. This flaw allows remote attackers to inject malicious input via query parameters. The vulnerability has a CVSS 4.0 score of 5.3, indicating medium severity. A patch commit (f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4) has been identified to fix the issue, but no explicit vendor advisory or remediation level is provided. There are no known exploits in the wild at this time.
Potential Impact
The vulnerability enables remote attackers to perform injection attacks through query parameters, potentially leading to unintended behavior or compromise of the Envoy proxy. The CVSS score of 5.3 indicates a medium impact with network attack vector and no required user interaction. The vulnerability affects all Envoy versions up to 1.33.0. No known active exploitation has been reported.
Mitigation Recommendations
A patch identified by commit f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4 is suggested to remediate this vulnerability. Since no official vendor advisory or remediation level is provided, users should apply this patch or upgrade to a fixed version as soon as possible. Patch status is not yet confirmed by the vendor advisory; therefore, check the vendor's official resources for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-24T19:49:39.070Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ed146687115cfb6832f109
Added to database: 4/25/2026, 7:22:14 PM
Last enriched: 4/25/2026, 7:36:02 PM
Last updated: 4/25/2026, 8:22:53 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.