PT-2026-60686 · Go · Github.Com/Envoyproxy/Ai-Gateway

CVE-2026-53714

·

Publicado

2026-07-16

·

Atualizado

2026-07-16

CVSS v3.1

7.4

Alta

VetorAV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Impact

When Envoy Gateway runs in GatewayNamespaceMode (provider.kubernetes.deploy.type=GatewayNamespace), the xDS gRPC server is configured with a StreamInterceptor for JWT authentication but no UnaryInterceptor. The go-control-plane xDS server exposes both streaming and unary (Fetch) RPC methods for all registered discovery services. Since there is no unary interceptor, these Fetch endpoints are completely unauthenticated.
Additionally, the JWT authentication interceptor in GatewayNamespaceMode only validates tokens when the received gRPC message is of type discoveryv3.DeltaDiscoveryRequest . If the message is a discoveryv3.DiscoveryRequest — used by the State-of-the-World (SotW) xDS protocol — the type assertion fails, the validation block is skipped entirely, and RecvMsg returns nil (success) without any authentication.
Any pod in the cluster that can reach the xDS server (port 18000) can use the SotW protocol to bypass JWT authentication and access:
  • TLS private keys via StreamSecrets (SDS)
  • All xDS resources via StreamAggregatedResources (ADS)
  • Backend endpoints via StreamClusters / StreamEndpoints (CDS/EDS)
  • Routing rules via StreamRoutes / StreamListeners (RDS/LDS)

Credits

Envoy Gateway thanks @dashingDragon and @Donjon-Cerberus for reporting this issue.

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-53714
GHSA-22XC-XG2R-9J7V

Produtos afetados

Github.Com/Envoyproxy/Ai-Gateway