CVE-2026-22771 | Envoy Proxy up to 1.5.6/1.6.1 EnvoyExtensionPolicy Lua Script code injection (GHSA-xrwg-mqj6-6m22)

A vulnerability was found in Envoy Proxy up to 1.5.6/1.6.1. It has been declared as critical. The affected element is an unknown function of the component EnvoyExtensionPolicy Lua Script Handler. The manipulation results in code injection.

This vulnerability is known as CVE-2026-22771. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More