CVE-2026-47775
Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption
Description
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 on successful decryption and HTTP 401 on padding failure, creating a padding oracle. An attacker who obtains the encrypted CodeVerifier cookie can recover the plaintext PKCE code_verifier in ~6,200 requests (~100 seconds), then exchange it with a stolen authorization code to obtain the victim's access token. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.
INFO
Published Date :
June 26, 2026, 5:23 p.m.
Last Modified :
June 26, 2026, 5:23 p.m.
Remotely Exploit :
Yes !
Source :
GitHub_M
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | MITRE-CVE | ||||
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Update Envoy to version 1.35.11 or later.
- Update Envoy to version 1.36.7 or later.
- Update Envoy to version 1.37.3 or later.
- Update Envoy to version 1.38.1 or later.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-47775 vulnerability anywhere in the article.