Structural Flaw in Envoy Proxy Affects DNS Certificate Validation
CVE-2026-47778

4.4 MEDIUM

Key Information:

Vendor: Envoyproxy
Status: Vendor
CVE Published: 26 June 2026

What is CVE-2026-47778?

A structural flaw has been identified in Envoy Proxy's DNS certificate validation, specifically in the DefaultCertValidator::verifySubjectAltName function. An attacker who can serve a certificate whose dNSName Subject Alternative Name (SAN) contains an embedded NUL byte can exploit the validation process: the SAN is handed to the Utility::dnsNameMatch() algorithm via .c_str(), so it is treated as a NUL-terminated C string rather than by its actual length and is silently truncated at the embedded NUL before the comparison is made. The DNS name is therefore validated incorrectly, allowing flawed certificates to pass verification and potentially leading to incorrect upstream routing. This vulnerability is rectified in versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 of Envoy Proxy.
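The truncation described above, as an added illustration that is not Envoy's code: legacyDnsNameMatch is a constructed stand-in for any C-string matcher (not Utility::dnsNameMatch), the SAN bytes are a constructed sample, and the hardened variant shows the length-aware, fail-closed check a validator should apply.

```cpp
#include <cstring>
#include <string>
#include <string_view>

// Constructed stand-in for a C-string based exact DNS name matcher.
// Like any API that takes const char* and measures with strlen(), it only
// sees the bytes up to the first NUL. This is NOT Envoy's dnsNameMatch.
static bool legacyDnsNameMatch(const char* san, const char* expected) {
  return std::strcmp(san, expected) == 0;
}

// Vulnerable pattern: the SAN is a length-counted std::string built from the
// certificate bytes, but .c_str() hands a pointer to a C-string API, so
// everything after an embedded NUL is silently dropped before matching.
bool verifySanVulnerable(const std::string& san, const std::string& expected) {
  return legacyDnsNameMatch(san.c_str(), expected.c_str());
}

// Hardened pattern: compare using the full length, and reject any SAN that
// contains a NUL byte outright. A dNSName is an IA5String hostname and can
// never legitimately contain NUL, so fail closed instead of truncating.
bool verifySanHardened(std::string_view san, std::string_view expected) {
  if (san.find('\0') != std::string_view::npos) {
    return false;  // embedded NUL: malformed SAN
  }
  return san == expected;  // length-aware comparison, no strlen involved
}

// Constructed sample SAN as read from a certificate: "example.com", a NUL,
// then "attacker.test" (25 bytes in total, NUL included).
static const std::string kSanWithNul("example.com\0attacker.test", 25);
```

The vulnerable check accepts kSanWithNul for "example.com" because the comparison never sees past the NUL; the hardened check rejects it while still accepting a clean "example.com" SAN.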

Affected Version(s)

Product   Affected range        Unaffected   Fixed in
envoy     >= 1.38.0, < 1.38.1   < 1.38.0     1.38.1
envoy     >= 1.37.0, < 1.37.3   < 1.37.0     1.37.3
envoy     >= 1.36.0, < 1.36.7   < 1.36.0     1.36.7

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
