CVE-2026-26310

Exploit

EPSS 0.01%
Veröffentlicht 10.03.2026 19:08:22
Zuletzt bearbeitet 11.03.2026 16:09:31
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Envoyproxy ≫ Envoy Version < 1.34.13

Envoyproxy ≫ Envoy Version >= 1.35.0 < 1.35.8

Envoyproxy ≫ Envoy Version >= 1.36.0 < 1.36.5

Envoyproxy ≫ Envoy Version1.37.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/envoyproxy/envoy/security/advisories/GHSA-3cw6-2j68-868p

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-26310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26310

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26310