CVE-2026-47205: CWE-416: Use After Free in envoyproxy envoy
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnects. During standard request lifecycles, Envoy instantiates the ext_authz filter with a foundational authorization client object (client_). If a matched route dictates a dynamic per-route HTTP or gRPC authorization service override, the filter generates a localized client. In the vulnerable implementation, this transient client aggressively overwrote the default client_ unique pointer by executing client_ = std::move(per_route_client). When a client rapidly establishes and subsequently tears down a stream (such as rapidly refreshing a protected WebSocket endpoint), the downstream triggers the ConnectionManagerImpl::doDeferredStreamDestroy() -> ActiveStream::onResetStream() lifecycle. Envoy immediately sequences Filter::onDestroy() in an attempt to securely abort dispatched asynchronous authorization check transactions via client_->cancel(). By destructing the default client abruptly during initiateCall, a memory lifecycle misalignment occurs within the async client manager. The stream teardown fails to reliably track and cancel the dynamically bound asynchronous authorization tasks, orchestrating a sequence where a late asynchronous callback from the network evaluates against a heavily destroyed ActiveStream validation span, generating a UAF process crash. This vulnerability is fixed in 1.36.9, 1.37.5, and 1.38.3.
AI Analysis
Technical Summary
CVE-2026-47205 is a Use-After-Free vulnerability (CWE-416) in Envoy's ext_authz HTTP filter affecting versions before 1.36.9, 1.37.5, and 1.38.3. The vulnerability occurs when the filter replaces its default authorization client with a per-route client during request processing. Rapid downstream client disconnects trigger a stream teardown sequence that destructs the default client prematurely, causing asynchronous authorization callbacks to reference freed memory. This results in a segmentation fault and process crash. The flaw is fixed in versions 1.36.9, 1.37.5, and 1.38.3.
Potential Impact
The vulnerability leads to a denial of service through a segmentation fault and process crash in Envoy when handling specific authorization scenarios with rapid client disconnects. There is no indication of confidentiality or integrity impact. The CVSS score of 5.9 reflects a medium severity denial of service risk exploitable remotely without privileges but requiring high attack complexity.
Mitigation Recommendations
A fix is available in Envoy versions 1.36.9, 1.37.5, and 1.38.3. Users should upgrade to one of these versions or later to remediate this vulnerability. No other mitigation or workaround is indicated by the vendor advisory.
CVE-2026-47205: CWE-416: Use After Free in envoyproxy envoy
Description
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnects. During standard request lifecycles, Envoy instantiates the ext_authz filter with a foundational authorization client object (client_). If a matched route dictates a dynamic per-route HTTP or gRPC authorization service override, the filter generates a localized client. In the vulnerable implementation, this transient client aggressively overwrote the default client_ unique pointer by executing client_ = std::move(per_route_client). When a client rapidly establishes and subsequently tears down a stream (such as rapidly refreshing a protected WebSocket endpoint), the downstream triggers the ConnectionManagerImpl::doDeferredStreamDestroy() -> ActiveStream::onResetStream() lifecycle. Envoy immediately sequences Filter::onDestroy() in an attempt to securely abort dispatched asynchronous authorization check transactions via client_->cancel(). By destructing the default client abruptly during initiateCall, a memory lifecycle misalignment occurs within the async client manager. The stream teardown fails to reliably track and cancel the dynamically bound asynchronous authorization tasks, orchestrating a sequence where a late asynchronous callback from the network evaluates against a heavily destroyed ActiveStream validation span, generating a UAF process crash. This vulnerability is fixed in 1.36.9, 1.37.5, and 1.38.3.
CVSS v3.1
Score 5.9medium
Affected software
pkg:github/envoyproxy/envoyRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-47205 is a Use-After-Free vulnerability (CWE-416) in Envoy's ext_authz HTTP filter affecting versions before 1.36.9, 1.37.5, and 1.38.3. The vulnerability occurs when the filter replaces its default authorization client with a per-route client during request processing. Rapid downstream client disconnects trigger a stream teardown sequence that destructs the default client prematurely, causing asynchronous authorization callbacks to reference freed memory. This results in a segmentation fault and process crash. The flaw is fixed in versions 1.36.9, 1.37.5, and 1.38.3.
Potential Impact
The vulnerability leads to a denial of service through a segmentation fault and process crash in Envoy when handling specific authorization scenarios with rapid client disconnects. There is no indication of confidentiality or integrity impact. The CVSS score of 5.9 reflects a medium severity denial of service risk exploitable remotely without privileges but requiring high attack complexity.
Mitigation Recommendations
A fix is available in Envoy versions 1.36.9, 1.37.5, and 1.38.3. Users should upgrade to one of these versions or later to remediate this vulnerability. No other mitigation or workaround is indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-18T22:25:21.257Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3eca5d72d29f1837dedde8
Added to database: 06/26/2026, 18:52:13 UTC
Last enriched: 06/26/2026, 19:07:12 UTC
Last updated: 06/26/2026, 19:37:14 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.