CVE-2026-47207
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This occurs when the first response in the batch causes the gRPC stream object to be destroyed, leading to a use-after-free error when Envoy attempts to process subsequent responses in the same gRPC message.
Risk Assessment
An attacker can cause a crash of the Envoy server, leading to service disruption and potential loss of application availability.
Recommendation
Immediately upgrade Envoy to version 1.35.13, 1.36.9, 1.37.5, or 1.38.3, depending on the branch in use.
Original NVD description (English source)
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the first response in the batch causes the gRPC stream object to be destroyed, leading to a use-after-free error when Envoy attempts to process subsequent responses in the same gRPC message. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.

