CVE-2026-26310: Crash for scoped ip address in Envoy during DNS

Published Mar 10, 2026

### Summary

Calling `Utility::getAddressWithPort` with a scoped IPv6 address causes a crash. This utility is called in the data plane from the original_src filter and the DNS filter.

### Details

The crashing function is `Utility::getAddressWithPort`. The crash occurs if a string containing a scoped IPv6 address is passed to this function. This vulnerability affects:

1. The **original src filter**: if the filter is configured and the original source is a scoped IPv6 address, it will cause a crash.
2. **DNS response address resolution**: if a DNS response contains a scoped IPv6 address, this will also trigger the crash.

### PoC

To reproduce the vulnerability:

1. **Method A (Original Src Filter):** configure the `original src` filter in Envoy and provide a scoped IPv6 address as the original source.
2. **Method B (DNS Resolution):** trigger a DNS resolution process within Envoy where the DNS response contains a scoped IPv6 address.

### Impact

This is a Denial of Service (DoS) vulnerability. It impacts users who have the `original src` filter configured or whose Envoy instances resolve addresses from DNS responses that may contain scoped IPv6 addresses.
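The input class at the centre of this advisory is an IPv6 literal carrying an RFC 4007 zone identifier, for example `fe80::1%eth0`. The C++ helper below is an added example, not Envoy's code and not the fix for this CVE; the names `parseIpLiteral` and `addressWithPort` are hypothetical. It shows the defensive shape such a utility should have when its input comes from an untrusted source such as a DNS answer or an original-source filter: the `%zone` suffix is recognised explicitly, validation is delegated to `inet_pton`, and scoped or malformed input yields an empty optional instead of reaching code that assumes an unscoped address.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>

// Hypothetical helper, added for illustration; not Envoy's implementation.
struct ParsedAddress {
  std::string host;   // the IP literal without any zone suffix
  std::string zone;   // RFC 4007 zone id ("eth0" in "fe80::1%eth0"); empty if unscoped
  bool is_ipv6 = false;
};

// A zone identifier is only accepted when it is non-empty and contains no
// character that would corrupt the "[host%zone]:port" rendering.
static bool zoneIsSane(const std::string& zone) {
  if (zone.empty()) return false;
  for (char c : zone) {
    if (c == ':' || c == '[' || c == ']' || c == '/' || c == '%') return false;
  }
  return true;
}

// Parses an IPv4 or IPv6 literal, optionally followed by "%zone" (IPv6 only).
// inet_pton does the address validation, so no hand-rolled grammar is trusted.
std::optional<ParsedAddress> parseIpLiteral(const std::string& s) {
  ParsedAddress out;
  const size_t pct = s.find('%');
  out.host = s.substr(0, pct);                 // whole string when no '%' present
  if (pct != std::string::npos) {
    out.zone = s.substr(pct + 1);
    if (!zoneIsSane(out.zone)) return std::nullopt;
  }
  unsigned char buf[16];
  if (inet_pton(AF_INET6, out.host.c_str(), buf) == 1) {
    out.is_ipv6 = true;
    return out;
  }
  if (inet_pton(AF_INET, out.host.c_str(), buf) == 1) {
    if (!out.zone.empty()) return std::nullopt;  // zones are an IPv6-only concept
    return out;
  }
  return std::nullopt;                           // neither family parsed it
}

// Renders address + port. A scoped IPv6 literal is accepted only when the
// caller opts in; otherwise it is rejected as an error value, never as a crash.
std::optional<std::string> addressWithPort(const std::string& ip, uint16_t port,
                                           bool allow_scoped) {
  const auto parsed = parseIpLiteral(ip);
  if (!parsed) return std::nullopt;
  if (!parsed->zone.empty() && !allow_scoped) return std::nullopt;
  if (!parsed->is_ipv6) return parsed->host + ":" + std::to_string(port);
  std::string literal = parsed->host;
  if (!parsed->zone.empty()) literal += "%" + parsed->zone;
  return "[" + literal + "]:" + std::to_string(port);
}

int main() {
  // Constructed sample inputs, including the scoped form the advisory describes.
  const char* samples[] = {"10.0.0.1", "2001:db8::1", "fe80::1%eth0", "fe80::1%", "not-an-ip"};
  for (const char* s : samples) {
    const auto strict = addressWithPort(s, 53, /*allow_scoped=*/false);
    const auto lenient = addressWithPort(s, 53, /*allow_scoped=*/true);
    std::cout << s << " -> strict: " << (strict ? *strict : "rejected")
              << ", lenient: " << (lenient ? *lenient : "rejected") << "\n";
  }
  return 0;
}
```

With `allow_scoped` set to `false`, which is the sensible default for addresses learned from the network, a scoped literal is simply dropped and the connection or DNS answer can be logged and skipped; a monitoring rule on that rejection path gives defenders visibility into attempts to feed such input.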

Affected Software

8 affected components:

- go/github.com/envoyproxy/envoy <= 1.34.12
- go/github.com/envoyproxy/envoy >= 1.35.0, <= 1.35.8
- go/github.com/envoyproxy/envoy >= 1.36.0, <= 1.36.4
- go/github.com/envoyproxy/envoy = 1.37.0
- Envoyproxy Envoy < 1.34.13
- Envoyproxy Envoy >= 1.35.0, < 1.35.8
- Envoyproxy Envoy >= 1.36.0, < 1.36.5
- Envoyproxy Envoy = 1.37.0

Event History

Mar 10, 2026

- Advisory Published via GitHub, 06:16 PM
- Data Sourced via GitHub, 06:16 PM (Description, Severity, Weakness, Affected Software)
- CVE Published via MITRE, 07:08 PM
- Data Sourced via MITRE, 07:08 PM (Description, Severity, Weakness)
- Data Sourced via NVD, 08:16 PM (Description, Severity, Weakness, Affected Software)

Frequently Asked Questions

1. What is the severity of CVE-2026-26310?

CVE-2026-26310 has a high severity due to the potential for a crash when handling scoped IPv6 addresses.

2. How do I fix CVE-2026-26310?

To mitigate CVE-2026-26310, upgrade Envoy to a version above 1.34.12, 1.35.8, 1.36.4, or 1.37.0.

3. Which versions of Envoy are affected by CVE-2026-26310?

CVE-2026-26310 affects Envoy versions 1.34.12 and below, as well as versions from 1.35.0 to 1.35.8, 1.36.0 to 1.36.4, and exactly 1.37.0.

4. What components trigger the CVE-2026-26310 vulnerability?

The vulnerability in CVE-2026-26310 is triggered by calling `Utility::getAddressWithPort`, specifically from the original_src and dns filters.

5. Can CVE-2026-26310 lead to denial of service?

Yes, CVE-2026-26310 can lead to denial of service due to the crash when processing specific IPv6 address inputs.

Contact

SecAlerts Pty Ltd.