Description

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resulting string is later treated as a C-string. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.

INFO

Published Date :

2026-03-10T19:04:21.384Z

Last Modified :

2026-03-10T20:12:40.483Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-26309 vulnerability.

Vendors Products
Envoyproxy
  • Envoy
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-26309.

URL Resource
https://github.com/envoyproxy/envoy/security/advisories/GHSA-56cj-wgg3-x943 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact