Severity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
Network-reachable and unauthenticated (AV:N/PR:N); AC:H for the upstream early-response/connection-reuse race; scope change (S:C) as a separate backend connection is desynced; I:H for request injection/route bypass, C:L, A:N.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer (HEADERS with FIN / headers-only close) but still carries a nonzero Content-Length into a complete upstream HTTP/1 request with unresolved body debt. In an HTTP/1 upstream deployment where the origin replies before reading the declared body and keeps the connection reusable, the beginning of the next Envoy-generated upstream request can be consumed as the first request's body. The remaining bytes are then parsed by the origin as a new HTTP/1 request. This was reproduced as a route-bypass/desync: direct /pwn was denied by Envoy, but the second downstream H3 stream received the response for backend-parsed GET /pwn HTTP/1.1. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.
AnalysisAI
HTTP request smuggling in Envoy proxy (versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1) lets remote attackers desynchronize HTTP/1 upstream connections by sending an HTTP/3 downstream request that is transport-complete (HEADERS with FIN) yet declares a nonzero Content-Length, leaving the translated HTTP/1 request with unresolved body debt. When the HTTP/1 origin replies before reading the body and keeps the connection reusable, the start of Envoy's next upstream request is consumed as the prior request's body, and the remainder is parsed by the origin as a separate, attacker-controlled request. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires Envoy deployed with a downstream HTTP/3 listener forwarding to an HTTP/1 (HTTP/1.1) upstream, and an origin server that replies before reading the declared request body while keeping the connection reusable (keep-alive). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS:3.1 vector (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N, base 7.5) reflects a network-reachable, unauthenticated attack with high complexity, a scope change (Envoy desyncs a separate backend connection), high integrity impact (request injection/route bypass), low confidentiality impact, and no availability impact - a coherent profile for a smuggling/desync bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker sends a crafted HTTP/3 request to an Envoy listener that is headers-only/FIN-complete but declares a nonzero Content-Length, causing Envoy to emit an HTTP/1 request with an unsatisfied body to a reusable upstream connection. Because the origin answers before reading the body, the attacker's smuggled bytes (e.g. … |
| Remediation | Upgrade to the patched release for your branch: Vendor-released patch versions are 1.35.11, 1.36.7, 1.37.3, or 1.38.1 (apply the one matching your current minor line) as documented in GHSA-8phg-2h2q-jgxf (https://github.com/envoyproxy/envoy/security/advisories/GHSA-8phg-2h2q-jgxf). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Catalog all Envoy proxy deployments and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8
An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Rated
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). R
Envoy's RBAC filter improperly concatenates duplicate HTTP headers into comma-separated strings instead of validating ea
Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability i
Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability i
Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability i
Same weakness CWE-444 – HTTP Request/Response Smuggling
View allSame technique Request Smuggling
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39822