PT-2026-60686 · Go · Github.Com/Envoyproxy/Ai-Gateway

CVE-2026-53714

·

Published

2026-07-16

·

Updated

2026-07-16

CVSS v3.1

7.4

High

VectorAV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Impact

When Envoy Gateway runs in GatewayNamespaceMode (provider.kubernetes.deploy.type=GatewayNamespace), the xDS gRPC server is configured with a StreamInterceptor for JWT authentication but no UnaryInterceptor. The go-control-plane xDS server exposes both streaming and unary (Fetch) RPC methods for all registered discovery services. Since there is no unary interceptor, these Fetch endpoints are completely unauthenticated.
Additionally, the JWT authentication interceptor in GatewayNamespaceMode only validates tokens when the received gRPC message is of type discoveryv3.DeltaDiscoveryRequest . If the message is a discoveryv3.DiscoveryRequest — used by the State-of-the-World (SotW) xDS protocol — the type assertion fails, the validation block is skipped entirely, and RecvMsg returns nil (success) without any authentication.
Any pod in the cluster that can reach the xDS server (port 18000) can use the SotW protocol to bypass JWT authentication and access:
  • TLS private keys via StreamSecrets (SDS)
  • All xDS resources via StreamAggregatedResources (ADS)
  • Backend endpoints via StreamClusters / StreamEndpoints (CDS/EDS)
  • Routing rules via StreamRoutes / StreamListeners (RDS/LDS)

Credits

Envoy Gateway thanks @dashingDragon and @Donjon-Cerberus for reporting this issue.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-53714
GHSA-22XC-XG2R-9J7V

Affected Products

Github.Com/Envoyproxy/Ai-Gateway