CVE-2026-26205 | open-policy-agent opa-envoy-plugin up to 1.13.2-envoy-1 HTTP Request input.parsed_path authorization (GHSA-9f29-v6mm-pw6w)

Inserito da Angelo Barbosa | Feb 19, 2026 | CVE

A vulnerability labeled as critical has been found in open-policy-agent opa-envoy-plugin up to 1.13.2-envoy-1. Affected is an unknown function of the component HTTP Request Handler. Executing a manipulation of the argument input.parsed_path can lead to incorrect authorization.

This vulnerability is tracked as CVE-2026-26205. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-26205 | open-policy-agent opa-envoy-plugin up to 1.13.2-envoy-1 HTTP Request input.parsed_path authorization (GHSA-9f29-v6mm-pw6w)

Post correlati

CVE-2025-4798 | Lester Chan WP-DownloadManager Plugin up to 1.68.10 on WordPress wp-config.php denial of service

CVE-2024-8722 | Soflyy WP All Import Pro Plugin up to 4.9.7 on WordPress cross site scripting

CVE-2023-6268 | JSON Content Importer Plugin up to 1.5.3 on WordPress tab cross site scripting

CVE-2025-59898 | Flexense Sync Breeze Enterprise Server 10.4.18 /add_exclude_dir cross site scripting