HIGH
Projectcontour
CVE published 2026-04-23
CVE-2026-41246
CVE-2026-41246 is a high-severity vulnerability in Contour, a Kubernetes ingress controller that uses the Envoy proxy. The vulnerability is in the Cookie Rewriting feature, which is implemented internally using Envoy's HTTP Lua filter. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in spec.routes[].cookieRewritePolicies[].pathRewrite.value or spec.routes[ [truncated]