CWE-551: CWE-551

Total CVEs

Critical

High

8.0

Avg CVSS

Yearly Trend

2026

2023

2021

Top Affected Vendors

1 Envoyproxy 2

2 Redhat 1

3 Quarkus 1

4 Dompdf Project 1

All CWE-551 CVEs (5)

CVE-2023-23924

10.0

Dompdf 2.0.1 has an SVG parsing vulnerability where URI validation can be bypassed using uppercase letters in <image> tags. This allows attackers to e...

Feb 1, 2023

CVE-2021-32779

8.6

This vulnerability in Envoy proxy allows attackers to bypass path-based authorization controls by including URI fragments (#fragment) in requests. It ...

Aug 24, 2021

CVE-2021-32777

8.6

Envoy's ext-authz extension fails to properly merge multiple-value headers when sending requests to external authorization services, sending only the ...

Aug 24, 2021

CVE-2023-6394

7.4

CVE-2023-6394 is an authentication bypass vulnerability in Quarkus where GraphQL operations over WebSocket connections are processed without proper ro...

Dec 9, 2023

CVE-2026-0707

5.3

This vulnerability in Keycloak's Authorization header parser allows attackers to bypass authentication by using non-standard characters (like tabs) or...

Jan 8, 2026

About CWE-551 (CWE-551)

Our database tracks 5 CVEs classified as CWE-551, with 1 rated critical and 3 rated high severity. The average CVSS score for CWE-551 vulnerabilities is 8.0.

External reference: View CWE-551 on MITRE CWE →

Monitor CWE-551 Vulnerabilities

Get alerted when new CWE-551 CVEs affect your infrastructure.

Start Monitoring Free