CVE-2026-41246 - Contour: Lua code injection via Cookie Path Rewrite Policy
CVE ID :CVE-2026-41246 Published : April 23, 2026, 7:17 p.m. | 33 minutes ago Description :Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker wit
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Attempted hack on my Microsoft account. Was it a VPN node?
- [CYBER] KelpDAO hack news: Aave leads DeFi bailout push after $292M crypto exploit - CoinDesk
- [CYBER] US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
- [CYBER] Speaking Freely: Lizzie O'Shea
- [CYBER] Dragos: Despite AI use, new malware targeting water plants is ‘hype’
- [CYBER] Trump’s pick to run US cyber agency CISA asks to drop out