CVE-2026-47205
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
In Envoy from version 1.36.0 to 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability exists in the ext_authz HTTP filter. It occurs when processing per-route authorization overrides concurrently with rapid downstream client disconnects, leading to a segmentation fault and process crash.
Risk Assessment
An attacker can exploit this vulnerability to cause an Envoy server crash (segfault), resulting in service disruption and potential unavailability of proxied applications.
Recommendation
Immediately upgrade Envoy to version 1.36.9, 1.37.5, or 1.38.3, depending on your branch. The update fixes the UAF bug in the ext_authz filter.
Original NVD description (English source)
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnects. During standard request lifecycles, Envoy instantiates the ext_authz filter with a foundational authorization client object (client_). If a matched route dictates a dynamic per-route HTTP or gRPC authorization service override, the filter generates a localized client. In the vulnerable implementation, this transient client aggressively overwrote the default client_ unique pointer by executing client_ = std::move(per_route_client). When a client rapidly establishes and subsequently tears down a stream (such as rapidly refreshing a protected WebSocket endpoint), the downstream triggers the ConnectionManagerImpl::doDeferredStreamDestroy() -> ActiveStream::onResetStream() lifecycle. Envoy immediately sequences Filter::onDestroy() in an attempt to securely abort dispatched asynchronous authorization check transactions via client_->cancel(). By destructing the default client abruptly during initiateCall, a memory lifecycle misalignment occurs within the async client manager. The stream teardown fails to reliably track and cancel the dynamically bound asynchronous authorization tasks, orchestrating a sequence where a late asynchronous callback from the network evaluates against a heavily destroyed ActiveStream validation span, generating a UAF process crash. This vulnerability is fixed in 1.36.9, 1.37.5, and 1.38.3.

