CVE-2026-47205 in envoy
Summary
by MITRE • 06/26/2026
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnects. During standard request lifecycles, Envoy instantiates the ext_authz filter with a foundational authorization client object (client_). If a matched route dictates a dynamic per-route HTTP or gRPC authorization service override, the filter generates a localized client. In the vulnerable implementation, this transient client aggressively overwrote the default client_ unique pointer by executing client_ = std::move(per_route_client). When a client rapidly establishes and subsequently tears down a stream (such as rapidly refreshing a protected WebSocket endpoint), the downstream triggers the ConnectionManagerImpl::doDeferredStreamDestroy() -> ActiveStream::onResetStream() lifecycle. Envoy immediately sequences Filter::onDestroy() in an attempt to securely abort dispatched asynchronous authorization check transactions via client_->cancel(). By destructing the default client abruptly during initiateCall, a memory lifecycle misalignment occurs within the async client manager. The stream teardown fails to reliably track and cancel the dynamically bound asynchronous authorization tasks, orchestrating a sequence where a late asynchronous callback from the network evaluates against a heavily destroyed ActiveStream validation span, generating a UAF process crash. This vulnerability is fixed in 1.36.9, 1.37.5, and 1.38.3.
Analysis
by VulDB Data Team • 06/26/2026
The vulnerability is a use-after-free in Envoy's ext_authz HTTP filter affecting versions 1.36.0 through 1.36.8, 1.37.0 through 1.37.4, and 1.38.0 through 1.38.2. It stems from improper memory management of authorization client objects when a downstream client disconnects while a per-route authorization override is being processed, which creates a race condition in the filter's lifecycle handling. The flaw manifests as a segmentation fault that terminates the Envoy process, so its direct impact is on availability: it gives an attacker a denial-of-service avenue against every service fronted by the affected proxy.
The root cause lies in how the ext_authz filter handles its authorization client objects when a per-route override applies. During normal request processing the filter holds a default authorization client, client_. When the matched route specifies a dynamic override for the HTTP or gRPC authorization service, the filter creates a per-route client and immediately overwrites the default pointer with client_ = std::move(per_route_client). That assignment destroys the default client object even though an asynchronous check issued through it may still be pending. The problem surfaces when downstream disconnects happen rapidly, for example on WebSocket or other persistent connections where stream teardown is quick. When ConnectionManagerImpl::doDeferredStreamDestroy() runs and ActiveStream::onResetStream() follows, the filter's onDestroy() tries to cancel any outstanding authorization check via client_->cancel(). Because the earlier move-assignment already destroyed the default client, that cancellation operates on a destroyed object and the check the default client had in flight is never reliably cancelled; a late asynchronous callback then runs against the already-destroyed stream, corrupting memory and crashing the process.
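A simplified C++ model of the ownership pattern described above, added here as an illustration and not taken from Envoy's source: AsyncManager, AuthClient, VulnerableFilter and HardenedFilter are hypothetical stand-ins, the manager counts callbacks aimed at a destroyed client instead of dereferencing them, and the hardened variant is one possible fix rather than the upstream patch.

```cpp
#include <map>
#include <memory>
#include <set>
class AuthClient;
// Stand-in for the async client manager: pending checks are keyed by issuing client id;
// `live` lets a late callback to a destroyed client be counted instead of dereferenced.
struct AsyncManager {
  std::map<int, AuthClient*> pending; std::set<int> live;
  int next_id = 0, delivered = 0, dangling = 0;
  void deliverAll();  // late authorization responses arriving after stream teardown
};
struct AuthClient {
  explicit AuthClient(AsyncManager& m) : mgr_(m), id_(m.next_id++) { m.live.insert(id_); }
  ~AuthClient() { mgr_.live.erase(id_); }  // destruction alone does NOT cancel in-flight work
  void check() { mgr_.pending[id_] = this; }  void cancel() { mgr_.pending.erase(id_); }
  void onResponse() { ++mgr_.delivered; }
  AsyncManager& mgr_; int id_;
};
void AsyncManager::deliverAll() {
  for (auto& e : pending) { if (live.count(e.first)) e.second->onResponse(); else ++dangling; }
  pending.clear();
}
// Vulnerable pattern from the advisory: move-assigning the per-route client over client_
// frees the default client while its check is still pending in the manager.
struct VulnerableFilter {
  std::unique_ptr<AuthClient> client_;
  void initiateCall(AsyncManager& m, bool perRoute) {
    if (perRoute) client_ = std::make_unique<AuthClient>(m);  // old client_ destroyed here
    client_->check();
  }
  void onDestroy() { if (client_) client_->cancel(); }  // only the current client is cancelled
};
// One hardened form (hypothetical, not the upstream fix): drain the outgoing client first.
struct HardenedFilter : VulnerableFilter {
  void initiateCall(AsyncManager& m, bool perRoute) {
    if (perRoute && client_) client_->cancel();
    VulnerableFilter::initiateCall(m, perRoute);
  }
};
// Advisory sequence: default check, per-route override, stream reset, then late response.
template <class Filter> int danglingCallbacks() {
  AsyncManager m; auto f = std::make_unique<Filter>();
  f->client_ = std::make_unique<AuthClient>(m);  // default client_ from filter setup
  f->initiateCall(m, false);
  f->initiateCall(m, true);
  f->onDestroy(); f.reset();  // ActiveStream::onResetStream() path, then filter freed
  m.deliverAll();
  return m.dangling;  // VulnerableFilter: 1, HardenedFilter: 0
}
```

In a real build the dangling case is where a sanitizer (ASan) would report the heap-use-after-free, which is the practical way to reproduce and confirm the fix in a test environment.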
The operational impact goes beyond a single crash, because it undermines the stability of every cloud-native application that relies on Envoy as its edge or service proxy. An attacker could trigger the race condition through rapid connect/disconnect patterns, causing outages or instability in deployments where Envoy handles large numbers of concurrent connections. Applications that expose WebSocket endpoints or other protocols with frequent stream setup and teardown are most exposed, which makes the issue relevant to microservice architectures where connection reuse and rapid client interaction are the norm.
The vulnerability is classified as CWE-416 (Use After Free) and maps to ATT&CK technique T1499.004 (Network Denial of Service). Exploiting it requires an understanding of Envoy's stream management and asynchronous client handling, so it is most relevant to capable attackers targeting infrastructure components. Organizations running affected versions should prioritize patching: the fix in 1.36.9, 1.37.5, and 1.38.3 addresses the memory lifecycle problem by tracking the client objects correctly across concurrent operations.
Mitigation should centre on upgrading to a patched release, where authorization client objects are no longer destroyed while asynchronous operations are outstanding. Where an upgrade cannot be applied right away, connection rate limiting or circuit-breaker patterns reduce the likelihood of triggering the race condition. Monitoring should also be tuned to flag sudden Envoy process crashes or segmentation faults, since these may indicate attempts to exploit the flaw. The fix resolves the core issue by making client lifecycle management account for concurrent operations and maintain correct reference tracking during stream teardown, so a destroyed object can no longer become the target of an asynchronous callback.