What is CVE-2026-47692?

CVE-2026-47692 is a medium-severity vulnerability in Envoyproxy Envoy, classified under Improper Handling of Length Parameter Inconsistency. CVSS score: 4.8/10. Published 2026-06-26.

How severe is CVE-2026-47692?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Vulnerability in Envoyproxy Envoy

CVE-2026-47692

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a…

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L.

Affected products

Envoyproxy Envoy — versions >= 1.38.0, < 1.38.3, >= 1.37.0, < 1.37.5, >= 1.36.0, < 1.36.9

Weakness classification (CWE)

CWE-130 — Improper Handling of Length Parameter Inconsistency

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-47692?: CVE-2026-47692 is a medium-severity vulnerability in Envoyproxy Envoy, classified under Improper Handling of Length Parameter Inconsistency. CVSS score: 4.8/10. Published 2026-06-26.
How severe is CVE-2026-47692?: Medium severity. CVSS v3 base score is 4.8 out of 10.