High
CVE-2026-41246
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker…
Tag: Contour
All CVEs associated with "Contour". Page 1/1 • 11 CVEs.
About “Contour”
A curated feed of “Contour”-related CVEs appears below. We currently track 11 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 7.4 (all time; 8.1 over 365d), and 82% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection').
In our taxonomy this topic maps to a MODERATE impact class. Container and Kubernetes fixes usually require image rebuilds and control plane or node upgrades. Prioritize exposed surfaces, restart workloads on patched bases, and tighten RBAC and NetworkPolicies. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: contour
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 1.33 | 1.33.5 | - | ||
| 1.32 | 1.32.5 | - | ||
| 1.31 | 1.31.6 | - | ||
| 1.30 | 1.30.5 | Expired | ||
| 1.29 | 1.29.5 | Expired | ||
| 1.28 | 1.28.8 | Expired | ||
| 1.27 | 1.27.4 | Expired | ||
| 1.26 | 1.26.3 | Expired | ||
| 1.25 | 1.25.3 | Expired | ||
| 1.24 | 1.24.6 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Contour” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-04-23
2024-07-24
Critical
CVE-2024-36539
Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
2023-06-27
Low
CVE-2023-22834
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the…
2021-07-23
High
CVE-2021-32783
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Conto…
2020-08-05
High
CVE-2020-15127
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on…
2019-05-06
High
CVE-2018-18979
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessa…
High
CVE-2018-18978
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphe…
High
CVE-2018-18977
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the dis…
Medium
CVE-2018-18976
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud pl…
High
CVE-2018-18975
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate…
2017-04-27
Critical
CVE-2017-8287
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.