THREAT OPS › Threat News › [NVD] CVE-2026-22771 (HIGH 8.8) — Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be
[NVD] CVE-2026-22771 (HIGH 8.8) — Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be
CVE-2026-22771 CVSS: 8.8 HIGH Published: 2026-01-12T19:16:03.470
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain ac
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-22771cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22771