CVE-2026-48497
Status: Received - Intake
Denial of Service in Envoy Proxy

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, when the UDP DNS filter is configured with a local resolution entry for a name 255 octets long, or when remote resolution of a 255-octet name can complete successfully, a query for such a name results in abnormal process termination. The termination is triggered by an invalid runtime precondition requiring the query name to be strictly less than 255 octets, contradicting RFC 1035 section 2.3.4, which permits names of 255 octets or less. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.
Affected Vendors & Products
Vendor Product Version / Range
envoyproxy envoy to 1.39 (exc)
envoyproxy envoy 1.35.13
envoyproxy envoy 1.36.9
envoyproxy envoy 1.37.5
envoyproxy envoy 1.38.3
CWE
CWE-480: Use of Incorrect Operator. The product accidentally uses the wrong operator, which changes the logic in security-relevant ways. In this case the operator is the comparison in the name-length precondition: strict less-than where RFC 1035 permits less-than-or-equal.
Executive Summary

CVE-2026-48497 is a vulnerability in Envoy Proxy that causes abnormal process termination when processing DNS queries containing a name with a length of 255 octets.

This happens when the UDP DNS filter is configured for local resolution with an entry for such a name, or for remote resolution where the upstream lookup of such a name succeeds. The issue arises because the software asserts at runtime that query names are strictly less than 255 octets, whereas the DNS specification (RFC 1035, section 2.3.4) allows names of 255 octets or less; the 255-octet case is legal input that fails the check.

As a result, when a query for a 255-octet name resolves successfully, the invalid precondition fails and the process terminates abnormally instead of returning the answer.

Impact Analysis

This vulnerability can lead to a denial of service (DoS) by causing the Envoy process to terminate unexpectedly when handling specially crafted DNS queries.

An attacker triggers it by sending a DNS query for a 255-octet name that the filter then resolves, either because a matching local entry exists or because the upstream resolver answers for the name. A query whose name does not resolve is not described as triggering the crash, and because the filter listens on UDP no connection or authentication is needed to deliver the query.

The primary impact is on availability: the crash takes down the whole Envoy process, so every listener it hosts (not only the DNS one) drops traffic until the process is restarted, and repeated queries produce a crash loop.

Detection Guidance

Detection here means catching the trigger, not the bug: a crash of this kind shows up as the Envoy process exiting abnormally while it is serving DNS queries whose question name is exactly 255 octets in wire format (label bytes plus length bytes plus the terminating root byte; 253 characters in dotted form).

Two conditions must both hold for the crash path to be reachable: the UDP DNS filter is configured for local or remote resolution, and a query arrives for a 255-octet name that the filter can resolve. Correlate process restarts with DNS traffic at that boundary rather than alerting on either alone.

Capture the traffic on the port the DNS filter listener is bound to (53 below; substitute your listener's port) and measure the question name length from the wire format, since the dotted presentation form is two octets shorter:

  • Capture the filter's UDP traffic: tcpdump -i <interface> -w dns.pcap udp port 53
  • Decode the question section of each captured query (Wireshark, or a small script) and flag names whose wire-format length is 255 octets.
  • Check Envoy's process logs and the supervisor (systemd, kubelet, etc.) for aborts, core dumps or restarts that coincide with those queries.
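The advisory's length boundary and the detection step above both hinge on the same arithmetic, so here is one added Python example that is not Envoy's code and not from the advisory: it encodes a constructed 255-octet QNAME, shows how a strict `< 255` precondition rejects a name that the spec-conformant `<= 255` accepts (the comparison is a stand-in for the class of check the advisory describes, not Envoy's actual source), and scans raw UDP payloads for questions at that boundary. The function and constant names are the example's own, and the sample payloads are constructed inline; the same parser accepts UDP payload bytes extracted from a tcpdump capture.

```python
"""Added example (not Envoy code): DNS wire-format name length at the RFC 1035
255-octet boundary, the strict-vs-inclusive precondition, and a payload scanner."""
import struct

MAX_NAME_OCTETS = 255   # RFC 1035 section 2.3.4: a name is 255 octets or less
MAX_LABEL_OCTETS = 63   # each label is 63 octets or less

# Constructed boundary case: 63+63+63+61 label bytes plus four length bytes
# and the root byte = 255 octets on the wire (253 characters in dotted form).
BOUNDARY_LABELS = ["a" * 63, "b" * 63, "c" * 63, "d" * 61]
SHORT_LABELS = ["www", "example", "com"]   # constructed, 17 octets on the wire


def encode_name(labels):
    """Encode labels in DNS wire format: <len><label>...<0>."""
    out = bytearray()
    for label in labels:
        data = label.encode("ascii")
        if not 1 <= len(data) <= MAX_LABEL_OCTETS:
            raise ValueError("label length must be 1..63 octets")
        out.append(len(data))
        out += data
    out.append(0)  # root label terminates the name
    return bytes(out)


def build_query(labels, txid=0x1234, qtype=1):
    """Build a minimal standard query (one question, no EDNS) as a raw UDP payload."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    question = encode_name(labels) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question


def name_precondition_strict(name_wire):
    """The class of check the advisory describes: rejects a legal 255-octet name."""
    return len(name_wire) < MAX_NAME_OCTETS


def name_precondition_rfc1035(name_wire):
    """Spec-conformant check: 255 octets is the largest legal name."""
    return len(name_wire) <= MAX_NAME_OCTETS


def parse_questions(payload):
    """Return [(txid, labels, wire_len, qtype)] for the question section.

    Compression pointers (0xC0 prefix) are not expected in a question name and
    are treated as malformed input rather than followed.
    """
    if len(payload) < 12:
        raise ValueError("payload shorter than DNS header")
    txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    pos = 12
    questions = []
    for _ in range(qdcount):
        start = pos
        labels = []
        while True:
            if pos >= len(payload):
                raise ValueError("truncated name")
            length = payload[pos]
            if length & 0xC0:
                raise ValueError("compression pointer in question name")
            pos += 1
            if length == 0:
                break
            labels.append(payload[pos:pos + length].decode("ascii", "replace"))
            pos += length
        wire_len = pos - start   # length bytes + label bytes + root byte
        if pos + 4 > len(payload):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
        pos += 4
        questions.append((txid, labels, wire_len, qtype))
    return questions


def find_boundary_queries(payloads):
    """Flag UDP payloads whose question name is exactly 255 octets on the wire."""
    hits = []
    for payload in payloads:
        try:
            for txid, labels, wire_len, _qtype in parse_questions(payload):
                if wire_len == MAX_NAME_OCTETS:
                    hits.append((txid, ".".join(labels), wire_len))
        except ValueError:
            continue  # malformed or non-DNS datagram on the port; skip it
    return hits


if __name__ == "__main__":
    boundary = encode_name(BOUNDARY_LABELS)
    print("wire length:", len(boundary))
    print("strict (< 255) precondition accepts:", name_precondition_strict(boundary))
    print("RFC 1035 (<= 255) precondition accepts:", name_precondition_rfc1035(boundary))
    captured = [build_query(SHORT_LABELS, txid=1), build_query(BOUNDARY_LABELS, txid=2)]
    for hit in find_boundary_queries(captured):
        print("boundary query:", hit)
```

Run it directly to see the boundary name's wire length and the two comparison outcomes; for real traffic, pass the UDP payload bytes of each captured datagram to find_boundary_queries. The scanner flags exactly 255 octets because that is the case the advisory describes; longer names are already illegal under RFC 1035 and are rejected by the resolver path regardless.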
Mitigation Strategies

The immediate mitigation step is to upgrade Envoy Proxy to a patched version where this vulnerability is fixed.

The advisory description states the fix is in Envoy 1.35.11, 1.36.7, 1.37.3, and 1.38.1; the CPE entries listed on this page carry later point releases (1.35.13, 1.36.9, 1.37.5, 1.38.3), so confirm the exact fixed version for your release line against the upstream Envoy advisory before relying on either set.

Until the upgrade can be performed, reduce exposure of the filter rather than relying on Envoy to reject the query itself, since the filter is the component that crashes: restrict which clients can reach the DNS filter's UDP listener (network policy or firewall), remove any local resolution entries for 255-octet names, and where possible disable remote resolution or block queries with 255-octet names at a resolver or filter placed in front of Envoy.
