PT-2026-24379 · Envoy · Envoy
Antoniovleonti · Published 2026-03-10 · Updated 2026-03-12
CVE-2026-26310
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Envoy versions prior to 1.37.1
Envoy versions prior to 1.36.5
Envoy versions prior to 1.35.8
Envoy versions prior to 1.34.13
Description
Envoy is a high-performance edge/middle/service proxy. Calling the Utility::getAddressWithPort function with a scoped IPv6 address can cause a crash. This function is used in the data plane by the original src filter and the dns filter, potentially leading to a denial of service.
Recommendations
Update to Envoy version 1.37.1.
Update to Envoy version 1.36.5.
Update to Envoy version 1.35.8.
Update to Envoy version 1.34.13.
Exploit
Fix
DoS
RCE
Affected Products
Envoy