CVE-2026-47207 Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

agent-runtimes (=0.0.9), aws-ai-capacity (>=0.1.0 <=0.1.3) +12 more potentially affected by CVE-2026-25640 via pydantic-ai-slim (>=1.34.0 <=1.50.0)

pydantic-ai-slim PYPI version =1.34.0, =0.1.0, =1.3.0, =1.0.0, =0.4.3b0, =1.3.0, =1.3.0, =1.3.0, =0.6.3, =0.45.2, =2.0.0, =2.1.0 Source cves: CVE-2026-25640 Source advisory: SNYK:PYTHON-PYDANTICAISLIM-15248298...