CVE-2026-47775
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 on successful decryption and HTTP 401 on padding failure, creating a padding oracle. An attacker who obtains the encrypted CodeVerifier cookie can recover the plaintext PKCE code_verifier in ~6,200 requests (~100 seconds), then exchange it with a stolen authorization code to obtain the victim's access token. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| envoyproxy | envoy | >= 1.38.0, < 1.38.1 | affected |
| envoyproxy | envoy | >= 1.37.0, < 1.37.3 | affected |
| envoyproxy | envoy | >= 1.36.0, < 1.36.7 | affected |
| envoyproxy | envoy | < 1.35.11 | affected |
Weaknesses
- CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information
- CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.