CVE-2026-47207
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: security-advisories@github.com (Secondary)
Description
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the first response in the batch causes the gRPC stream object to be destroyed, leading to a use-after-free error when Envoy attempts to process subsequent responses in the same gRPC message. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.
Affected (4)
Products: Envoyproxy: Envoy
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 1.34.0 to 1.35.13 |
References (2)
Source: security-advisories@github.com
ExploitVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitVendor Advisory
Timeline
No history available yet.