envoyproxy envoy up to 1.36.8/1.37.4/1.38.2 Protected WebSocket Endpoint doDeferredStreamDestroy use after free

Summaryinfo

A vulnerability marked as critical has been reported in envoyproxy envoy up to 1.36.8/1.37.4/1.38.2. This affects the function ConnectionManagerImpl::doDeferredStreamDestroy of the component Protected WebSocket Endpoint. Performing a manipulation results in use after free. This vulnerability was named CVE-2026-47205. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in envoyproxy envoy up to 1.36.8/1.37.4/1.38.2. It has been classified as problematic. This affects the function ConnectionManagerImpl::doDeferredStreamDestroy of the component Protected WebSocket Endpoint. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on availability. The summary by CVE is:

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnects. During standard request lifecycles, Envoy instantiates the ext_authz filter with a foundational authorization client object (client_). If a matched route dictates a dynamic per-route HTTP or gRPC authorization service override, the filter generates a localized client. In the vulnerable implementation, this transient client aggressively overwrote the default client_ unique pointer by executing client_ = std::move(per_route_client). When a client rapidly establishes and subsequently tears down a stream (such as rapidly refreshing a protected WebSocket endpoint), the downstream triggers the ConnectionManagerImpl::doDeferredStreamDestroy() -> ActiveStream::onResetStream() lifecycle. Envoy immediately sequences Filter::onDestroy() in an attempt to securely abort dispatched asynchronous authorization check transactions via client_->cancel(). By destructing the default client abruptly during initiateCall, a memory lifecycle misalignment occurs within the async client manager. The stream teardown fails to reliably track and cancel the dynamically bound asynchronous authorization tasks, orchestrating a sequence where a late asynchronous callback from the network evaluates against a heavily destroyed ActiveStream validation span, generating a UAF process crash. This vulnerability is fixed in 1.36.9, 1.37.5, and 1.38.3.

It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2026-47205 since 05/19/2026. The exploitability is told to be difficult. It is possible to initiate the attack remotely. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 1.36.9, 1.37.5 or 1.38.3 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-39828). Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• envoyproxy

Name

• envoy

Version

• 1.36.0
• 1.36.1
• 1.36.2
• 1.36.3
• 1.36.4
• 1.36.5
• 1.36.6
• 1.36.7
• 1.36.8
• 1.37.0
• 1.37.1
• 1.37.2
• 1.37.3
• 1.37.4
• 1.38.0
• 1.38.1
• 1.38.2

License

• free

Website

• Product: https://github.com/envoyproxy/envoy/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion