PT-2026-60685 · Go · Github.Com/Envoyproxy/Ai-Gateway
CVE-2026-53713
·
Published
2026-07-16
·
Updated
2026-07-16
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L |
Impact
The
to absolute normalized path function (security.lua:28-43) does not collapse redundant path separators (// → /). On Linux, //etc/passwd is equivalent to /etc/passwd (POSIX path semantics), but is critical path fails to match the double-slash variant because //etc/passwd does not start with /etc/.This allows Lua code submitted as an
EnvoyExtensionPolicy to read arbitrary files from the gateway controller pod's filesystem during Strict validation (the default), including:/etc/passwd- Kubernetes SA tokens via
//var/run/secrets/kubernetes.io/serviceaccount/token - TLS certificates via
//certs/... - Process environment via
//proc/self/environ
These credentials can be used to read sensitive information from the K8s API Server or from the Gateway XDS server.
Patches
This has been patched in versions >= v1.7.4 and v1.8.1
- Collapse redundant path separators (
//to/) so double-slash variants like//etc/passwdand//var/run/secrets/...are matched by the critical-path check. - Rewrite the traversal check to reject any
.or..segment in any position and across both separator styles (catches/etc/./passwd,./etc/passwd,/etc/.).
Workarounds
Please refer to the
Warning section in Lua docs for measures to reduce risk.Credits
Envoy Gateway thanks @dashingDragon and @Donjon-Cerberus for reporting this issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Github.Com/Envoyproxy/Ai-Gateway