Envoy Gateway CVE-2026-53717
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Network-reachable via Kubernetes API with low privilege (tenant RBAC); no confidentiality or integrity impact; full availability loss via unrecoverable OOM.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
- Tenant can create EnvoyExtensionPolicy (baseline)
- Controller has egress to attacker-controlled OCI registry
- No registry allowlist (none exists in code)
- Layer presents Docker/OCI media type
Description
At imagefetcher.go:287, make([]byte, h.Size) uses the attacker-controlled tar-header size; the LimitReader at :278 bounds bytes read from the stream but not the header-declared size returned by tr.Next() (a 512-byte header can claim a multi-TB entry via PAX/GNU encoding). Reached from untrusted tenant input via EnvoyExtensionPolicy spec.wasm[].code.image.url (envoyextensionpolicy.go:1157 → cache.go:262/299 → imagefetcher.go:218 → :287), and the allocation happens for every tar entry regardless of filename. The resulting Go runtime OOM throw is unrecoverable and, because the CRD persists, crash-loops the shared controller - single-request, non-volumetric, cluster-wide DoS.
AnalysisAI
Uncontrolled memory allocation in Envoy Gateway's OCI image fetcher allows a low-privileged tenant to crash-loop the shared controller cluster-wide. Versions before 1.7.4 and in the 1.8.x pre-release range before 1.8.1 are affected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires all four of the following conditions: (1) the attacker holds Kubernetes RBAC permission to create or modify EnvoyExtensionPolicy resources in at least one namespace - this is a tenant-level privilege that should be restricted to trusted operators; (2) the Envoy Gateway controller pod has outbound network egress to the attacker-controlled OCI registry - no registry allowlist is implemented in the codebase to prevent this; (3) the controller is running a vulnerable version (< 1.7.4 or >= 1.8.0-rc.0 and < 1.8.1); (4) the malicious OCI layer presents a Docker or OCI-compatible media type to pass content-type validation. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) vector is consistent with the described attack. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A tenant with EnvoyExtensionPolicy RBAC create rights submits a policy with a Wasm image URL pointing to an attacker-operated OCI registry. The registry responds with a valid OCI manifest pointing to a tar layer containing a single entry whose PAX-extended header claims a 2 TB size while the actual stream contains only a few bytes. … |
| Remediation | Upgrade Envoy Gateway to version 1.8.1 (for deployments on the 1.8.x line) or 1.7.4 (for deployments on the 1.7.x line), per the vendor advisory at https://github.com/envoyproxy/gateway/security/advisories/GHSA-h7pq-86h8-rp5x. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-h7pq-86h8-rp5x