CVE-2026-12382 - Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing
CVE ID :CVE-2026-12382 Published : July 15, 2026, 6:16 p.m. | 17 minutes ago Description :A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining...