Skip to main content

Envoy Gateway CVE-2026-53714

HIGH
Missing Authentication for Critical Function (CWE-306)
2026-07-16 https://github.com/envoyproxy/gateway GHSA-22xc-xg2r-9j7v
7.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.4 HIGH
AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vuln.today AI
7.4 HIGH

Any in-cluster pod reaching port 18000 exploits it unauthenticated with low complexity (AV:A/AC:L/PR:N); leaking other workloads' TLS keys is a scope change (S:C) with confidentiality-only impact (C:H, I:N, A:N).

3.1 AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
Jul 16, 2026 - 20:17 vuln.today
Analysis Generated
Jul 16, 2026 - 20:17 vuln.today
CVE Published
Jul 16, 2026 - 19:32 github-advisory
HIGH 7.4

DescriptionGitHub Advisory

Impact

When Envoy Gateway runs in GatewayNamespaceMode (provider.kubernetes.deploy.type=GatewayNamespace), the xDS gRPC server is configured with a StreamInterceptor for JWT authentication but no UnaryInterceptor. The go-control-plane xDS server exposes both streaming and unary (Fetch) RPC methods for all registered discovery services. Since there is no unary interceptor, these Fetch endpoints are completely unauthenticated.

Additionally, the JWT authentication interceptor in GatewayNamespaceMode only validates tokens when the received gRPC message is of type discoveryv3.DeltaDiscoveryRequest . If the message is a discoveryv3.DiscoveryRequest - used by the State-of-the-World (SotW) xDS protocol - the type assertion fails, the validation block is skipped entirely, and RecvMsg returns nil (success) without any authentication.

Any pod in the cluster that can reach the xDS server (port 18000) can use the SotW protocol to bypass JWT authentication and access:

  • TLS private keys via StreamSecrets (SDS)
  • All xDS resources via StreamAggregatedResources (ADS)
  • Backend endpoints via StreamClusters / StreamEndpoints (CDS/EDS)
  • Routing rules via StreamRoutes / StreamListeners (RDS/LDS)

Credits

Envoy Gateway thanks @dashingDragon and @Donjon-Cerberus for reporting this issue.

AnalysisAI

Authentication bypass and control-plane information disclosure in Envoy Gateway (versions >= 1.8.0-rc.0 to < 1.8.1, and all releases < 1.7.4) allows any in-cluster pod that can reach the xDS gRPC server on port 18000 to read sensitive xDS resources without valid credentials. The flaw affects only deployments running in GatewayNamespaceMode, where the JWT StreamInterceptor mishandles State-of-the-World DiscoveryRequests and no UnaryInterceptor guards the Fetch endpoints, exposing TLS private keys (SDS), clusters/endpoints, and routing configuration. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain in-cluster pod foothold
Delivery
Reach xDS gRPC server on port 18000
Exploit
Send SotW DiscoveryRequest (StreamSecrets/ADS)
Execution
Bypass JWT interceptor via type-assertion gap
Persist
Stream TLS keys and xDS config
Impact
Impersonate services or intercept traffic

Vulnerability AssessmentAI

Exploitation Exploitation requires that Envoy Gateway is deployed in GatewayNamespaceMode (provider.kubernetes.deploy.type=GatewayNamespace) - this is the specific configuration that installs the flawed StreamInterceptor with no UnaryInterceptor. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are moderately but not uniformly severe. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has compromised or legitimately deployed a low-privileged pod in a cluster running Envoy Gateway in GatewayNamespaceMode opens a gRPC connection to the control plane on port 18000 and issues a State-of-the-World StreamSecrets (SDS) request without any JWT. Because the interceptor only validates Delta requests, the SotW request bypasses authentication and streams back TLS private keys and full xDS configuration, which the attacker then uses to impersonate services or intercept traffic. …
Remediation Vendor-released patch: upgrade to Envoy Gateway 1.8.1 (for the 1.8.x line) or 1.7.4 (for the 1.7.x line), which add the missing unary authentication and correctly validate SotW DiscoveryRequest messages. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all Envoy Gateway deployments in GatewayNamespaceMode and review port 18000 access logs to establish baseline for forensics and detect potential unauthorized access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-53714 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy