CVE-2026-47205 | envoyproxy envoy up to 1.36.8/1.37.4/1.38.2 Protected WebSocket Endpoint doDeferredStreamDestroy use after free

Inserito da Angelo Barbosa | Giu 26, 2026 | CVE

A vulnerability labeled as critical has been found in envoyproxy envoy up to 1.36.8/1.37.4/1.38.2. Affected by this issue is the function ConnectionManagerImpl::doDeferredStreamDestroy of the component Protected WebSocket Endpoint. Such manipulation leads to use after free.

This vulnerability is uniquely identified as CVE-2026-47205. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-47205 | envoyproxy envoy up to 1.36.8/1.37.4/1.38.2 Protected WebSocket Endpoint doDeferredStreamDestroy use after free

Post correlati

CVE-2024-8303 | dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c /ajax/getBasicInfo.php username sql injection

CVE-2024-3947 | WP To Do Plugin up to 1.3.0 on WordPress wptodo_settings cross-site request forgery

CVE-2024-7792 | SourceCodester Task Progress Tracker 1.0 delete-task.php task sql injection

CVE-2024-3736 | cym1102 nginxWebUI up to 3.9.9 /adminPage/main/upload unrestricted upload