← voltar
CVE-2026-47692

Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream

CVSS 4.8 MEDIUMCWE-130
Vexday Risk Score
10Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
26 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in the header. This can result in smuggled bytes on the upstream request. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
Produtos afetados
envoyproxy · envoy

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/envoyproxy/envoy/security/advisories/GHSA-wh36-hm39-mm3r