Skip to main content

Envoy Gateway CVE-2026-53713

CRITICAL
Improper Input Validation (CWE-20)
2026-07-16 https://github.com/envoyproxy/gateway GHSA-wcrf-9vrr-854f
9.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
vuln.today AI
9.1 CRITICAL

Attacker needs policy-authoring rights so PR:L, delivered via K8s API (AV:N/AC:L); stolen credentials reach separate API/XDS systems justifying S:C with dominant confidentiality impact (C:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Source Code Evidence Fetched
Jul 16, 2026 - 19:52 vuln.today
Analysis Generated
Jul 16, 2026 - 19:52 vuln.today
CVE Published
Jul 16, 2026 - 19:23 github-advisory
CRITICAL 9.1

DescriptionGitHub Advisory

Impact

The to_absolute_normalized_path function (security.lua:28-43) does not collapse redundant path separators (// → /). On Linux, //etc/passwd is equivalent to /etc/passwd (POSIX path semantics), but is_critical_path fails to match the double-slash variant because //etc/passwd does not start with /etc/.

This allows Lua code submitted as an EnvoyExtensionPolicy to read arbitrary files from the gateway controller pod's filesystem during Strict validation (the default), including:

  • /etc/passwd
  • Kubernetes SA tokens via //var/run/secrets/kubernetes.io/serviceaccount/token
  • TLS certificates via //certs/...
  • Process environment via //proc/self/environ

These credentials can be used to read sensitive information from the K8s API Server or from the Gateway XDS server.

Patches

This has been patched in versions >= v1.7.4 and v1.8.1

  • Collapse redundant path separators (// to /) so double-slash variants like //etc/passwd and //var/run/secrets/... are matched by the critical-path check.
  • Rewrite the traversal check to reject any . or .. segment in any position and across both separator styles (catches /etc/./passwd, ./etc/passwd, /etc/.).

Workarounds

Please refer to the Warning section in Lua docs for measures to reduce risk.

Credits

Envoy Gateway thanks @dashingDragon and @Donjon-Cerberus for reporting this issue.

AnalysisAI

Arbitrary file disclosure in Envoy Gateway's controller allows a low-privileged tenant who can create an EnvoyExtensionPolicy to read sensitive files from the gateway controller pod. A path-normalization gap in the security.lua critical-path check (CWE-20) lets attacker-supplied Lua bypass the read restriction using double-slash paths (e.g. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain RBAC rights to create EnvoyExtensionPolicy
Delivery
Submit Lua with //-prefixed critical path
Exploit
Bypass is_critical_path validation check
Execution
Controller reads SA token/TLS certs during Strict validation
Persist
Pivot with stolen token to K8s API / XDS
Impact
Disclose cluster secrets

Vulnerability AssessmentAI

Exploitation Exploitation requires the ability to submit an EnvoyExtensionPolicy containing Lua to the cluster (Kubernetes RBAC create/update rights on that CRD), and the target must be running the default Strict validation mode where the Lua is executed by the controller during validation. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L scores 9.1, driven by high confidentiality impact and a changed scope - stolen SA tokens and XDS credentials pivot to the Kubernetes API server and Gateway XDS, systems distinct from the vulnerable pod. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding RBAC permission to create EnvoyExtensionPolicy objects submits a Lua script that opens //var/run/secrets/kubernetes.io/serviceaccount/token, bypassing the Strict-validation critical-path guard via the double-slash form. During validation the script executes in the controller pod, exfiltrates the service-account token, then reuses it against the Kubernetes API server or XDS to read further secrets. …
Remediation Vendor-released patch: upgrade to Envoy Gateway v1.7.4 (1.7.x branch) or v1.8.1 (1.8.x branch) or later, which collapse redundant '//' separators before the critical-path check and reject any '.' or '..' segment in any position across both separator styles. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit RBAC policies to restrict EnvoyExtensionPolicy creation to trusted administrative users only, and inventory all Envoy Gateway deployments in your environment. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-53713 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy