PatchSiren

Envoyproxy CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Envoyproxy CVE published 2026-06-26

CVE-2026-48497

CVE-2026-48497 is a medium-severity vulnerability affecting Envoy, an open-source edge and service proxy. The vulnerability occurs in the UDP DNS filter and can cause abnormal process termination when a query with a name of 255 octets is processed. This happens because the filter incorrectly assumes the query name must be strictly less than 255 octets, contradicting the DNS specification (RFC 1035). The i [truncated]

HIGH envoyproxy CVE published 2026-06-26

CVE-2026-48042

CVE-2026-48042 is a high-severity vulnerability affecting Envoy, an open-source edge and service proxy. The vulnerability occurs in the destructor of JSON objects, which can lead to a stack overflow when dealing with deeply nested objects, approximately 100,000 levels deep. This issue was addressed in Envoy versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. The vulnerability has a CVSS score of 7.5 and is clas [truncated]

MEDIUM Envoyproxy CVE published 2026-06-26

CVE-2026-47775

CVE-2026-47775 is a vulnerability in Envoy's OAuth2 HTTP filter. The encrypt()/decrypt() functions use AES-256-CBC without an authentication tag, creating a padding oracle. An attacker can recover the plaintext PKCE code_verifier in ~6,200 requests and exchange it for a stolen authorization code to obtain the victim's access token. This issue affects Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1. [truncated]

HIGH envoyproxy CVE published 2026-06-17

CVE-2026-47774

CVE-2026-47774 is a high-severity vulnerability in Envoy's HTTP/2 downstream request processing. An unauthenticated remote client can trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. This issue arises from a combination of two behaviors: incomplete accounting of cookie header bytes during request header size validation and HPACK hea [truncated]

HIGH Envoyproxy CVE published 2026-01-12

CVE-2026-22771

CVE-2026-22771 is a high-severity vulnerability in Envoy Gateway, a project for managing Envoy Proxy. The vulnerability allows EnvoyExtensionPolicy Lua scripts executed by Envoy proxy to leak the proxy's credentials. These credentials can be used to communicate with the control plane and gain access to all secrets used by Envoy proxy, including TLS private keys and credentials for downstream and upstream [truncated]

HIGH envoyproxy CVE published 2023-12-12

CVE-2023-35945

CVE-2023-35945 is publicly documented by CISA in a CSAF advisory for Schneider Electric EcoStruxure Power Operation (EPO). The supplied advisory ties the issue to EPO 2022 and EPO 2024 and describes a denial-of-service outcome driven by a memory leak/memory exhaustion condition. Because the affected product lines are industrial control system software, availability impact should be treated as operationall [truncated]