Lucene search
+L

6 matches found

OSV
OSV
added 2026/06/29 5:40 a.m.5 views

BIT-ENVOY-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 6:16 p.m.10 views

CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS0.00448EPSS
Exploits1References1
OSV
OSV
added 2026/06/26 5:37 p.m.3 views

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS5.9AI score0.00448EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:37 p.m.6 views

CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS5.8AI score0.00448EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 5:37 p.m.37 views

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS0.00448EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 5:37 p.m.21 views

CVE-2026-47204

Envoy CVE-2026-47204 affects the envoy.filters.http.grpc_stats filter. From 1.26.0 up to 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hitting a direct_response route could crash the Envoy process due to a nul...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder