CVE

CVE-2026-26308

Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating each header value individually, Envoy concatenates all values into a single comma-separated string and matches against that. This behavior allows attackers to bypass RBAC policies, specifically "Deny" rules, by sending duplicate headers: the concatenated string no longer equals the denied value, so exact-match rules never see it. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.
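The following is an added illustration of the matching semantics described above, written here as a small Python model; it is not Envoy's code (Envoy's RBAC filter is C++). The deny rule, header names and request headers are constructed for the example. It evaluates one exact-match deny rule two ways (concatenate-then-match versus match-each-value) and includes a defender-side check that reports header names sent more than once, which is a useful signal to log at the proxy.

```python
"""Per-value vs. concatenated header matching for an exact-match RBAC deny rule.

Added example, not Envoy source. Models the advisory's description:
joining duplicate header values with ',' before an exact comparison lets a
denied value slip past the rule, whereas comparing each value individually
does not.
"""
from typing import Callable, List, Tuple

# Headers are modelled as an ordered list of (name, value) pairs, the way
# they arrive on the wire, so a repeated name is represented faithfully.
HeaderList = List[Tuple[str, str]]
DenyRules = List[Tuple[str, str]]          # (header name, exact denied value)
Matcher = Callable[[HeaderList, str, str], bool]


def values_for(headers: HeaderList, name: str) -> List[str]:
    """All values sent for `name`, in order; header names are case-insensitive."""
    return [v for n, v in headers if n.lower() == name.lower()]


def concatenated_match(headers: HeaderList, name: str, exact: str) -> bool:
    """Pre-fix semantics: join every value with ',' and compare once."""
    vals = values_for(headers, name)
    if not vals:
        return False
    return ",".join(vals) == exact


def per_value_match(headers: HeaderList, name: str, exact: str) -> bool:
    """Fixed semantics: the rule matches if ANY individual value equals `exact`."""
    return any(v == exact for v in values_for(headers, name))


def is_allowed(headers: HeaderList, deny_rules: DenyRules, matcher: Matcher) -> bool:
    """A request is allowed only if no deny rule matches under `matcher`."""
    return not any(matcher(headers, name, value) for name, value in deny_rules)


def duplicate_header_names(headers: HeaderList) -> List[str]:
    """Header names that appear more than once (first-seen order).

    Useful as a detection signal: repeated names on headers an RBAC policy
    keys on are worth logging, whether or not the rule engine is patched.
    """
    seen: dict = {}
    for n, _ in headers:
        seen[n.lower()] = seen.get(n.lower(), 0) + 1
    return [n for n, count in seen.items() if count > 1]


# Constructed policy and requests (hypothetical header name "x-role").
DENY_RULES: DenyRules = [("x-role", "guest")]
SINGLE: HeaderList = [("x-role", "guest")]
DUPLICATE: HeaderList = [("x-role", "guest"), ("x-role", "member")]


if __name__ == "__main__":
    for label, req in (("single", SINGLE), ("duplicate", DUPLICATE)):
        print(label,
              "concatenated:", "allow" if is_allowed(req, DENY_RULES, concatenated_match) else "deny",
              "per-value:", "allow" if is_allowed(req, DENY_RULES, per_value_match) else "deny",
              "repeated names:", duplicate_header_names(req))
```

Under the concatenated matcher the duplicate request is allowed because `"guest,member" != "guest"`; under the per-value matcher it is denied, which is the behaviour the fixed releases restore. The `duplicate_header_names` helper is independent of the rule engine and can feed access logs or alerting on unpatched deployments.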

Package Versions Affected

Package Version | Patch Availability
No items found.


CVSS

Severity | Base Score | CVSS Version | Score Vector
C H U | 7.5 | 3.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
C H U | 0 | 3.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
C H U | 7.5 | 3.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N


References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26308.json
https://github.com/envoyproxy/envoy/security/advisories/GHSA-ghc4-35x6-crw5
https://nvd.nist.gov/vuln/detail/CVE-2026-26308
https://github.com/envoyproxy/envoy/commit/b6ba0b2294b98484fb0ed8556897d1073cc27867

Severity

CVSS Score: 7.5 (scale 0 to 10)

Basic Information

Base CVSS: 7.5
EPSS Probability: 0.00003%
EPSS Percentile: 0.00134%
Introduced Version: 6d9bb7d9a85d616b220d1f8fe67b61f82bbdb8d3, 63ee0dc79dce88117c6bd2df5a742f8eb67ea980, 84305a6cb64bd55aaf606bdd53de7cd6080427a1, 0
Fix Available: 5ef4e4cea57f63e7e2970b9c1ad696278db927d6, 41749943780b54b70b510b1b1a4805ae529e174a, 75e220883447543d35571aecae826d7b1a2646b9, 7c0fda3dc457de6ee4585e8129e3f5728d65f367, 0:v1.34.13.0-1.amzn2, 0:v1.34.13.0-1.amzn2023
