CVE-2026-47205 | envoyproxy envoy up to 1.36.8/1.37.4/1.38.2 Protected WebSocket Endpoint doDeferredStreamDestroy use after free

Inserito da Angelo Barbosa | Giu 26, 2026 | CVE

A vulnerability labeled as critical has been found in envoyproxy envoy up to 1.36.8/1.37.4/1.38.2. Affected by this issue is the function ConnectionManagerImpl::doDeferredStreamDestroy of the component Protected WebSocket Endpoint. Such manipulation leads to use after free.

This vulnerability is uniquely identified as CVE-2026-47205. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-47205 | envoyproxy envoy up to 1.36.8/1.37.4/1.38.2 Protected WebSocket Endpoint doDeferredStreamDestroy use after free

Post correlati

CVE-2024-27972 | Very Good Plugins WP Fusion Lite Plugin up to 3.41.24 on WordPress command injection

CVE-2024-9936 | Mozilla Firefox up to 131.0.2 Selection Node Cache denial of service

CVE-2025-56234 | Nanda AT_NA2000 Sequence Number random values

CVE-2024-23739 | Discord up to 0.0.291 on macOS Setting RunAsNode/enableNodeClilnspectArguments Privilege Escalation