CVE-2026-26310

Exploit

EPSS 0.01%
Veröffentlicht 10.03.2026 19:08:22
Zuletzt bearbeitet 11.03.2026 16:09:31
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Crash for scoped ip address in Envoy during DNS

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Envoyproxy ≫ Envoy Version < 1.34.13

Envoyproxy ≫ Envoy Version >= 1.35.0 < 1.35.8

Envoyproxy ≫ Envoy Version >= 1.36.0 < 1.36.5

Envoyproxy ≫ Envoy Version1.37.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/envoyproxy/envoy/security/advisories/GHSA-3cw6-2j68-868p

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-26310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26310

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26310