Use of a broken or risky cryptographic algorithm in envoy - CVE-2026-47775


Published: June 24, 2026


Vulnerability identifier: #VU135117
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-47775
CWE-ID: CWE-327
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cloud Native Computing Foundation
Affected software: envoy

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information and to act as the victim.

The vulnerability exists due to the use of a broken or risky cryptographic algorithm in the OAuth2 HTTP filter's /callback handler and its cookie decryption logic when handling crafted CodeVerifier cookies. A remote attacker can send a sequence of specially crafted requests to recover the plaintext PKCE code_verifier, then use it together with the authorization code to obtain the victim's access token, disclose sensitive information and act as the victim.

User interaction is required: the victim must initiate the OAuth2 login flow. Exploitation also requires access to the victim's encrypted CodeVerifier cookie and to the authorization code.
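The advisory does not name the algorithm or the decryption defect, so the following is not Envoy's code and does not reproduce the flaw. It is an added example showing the property a defender wants from a CodeVerifier cookie: the PKCE code_verifier is generated and its S256 challenge derived as in RFC 7636, and the cookie is sealed with AES-GCM (an AEAD) with the cookie name bound as associated data, so any modified cookie fails authentication with one generic error before any plaintext is touched and the /callback handler cannot serve as a decryption oracle. The cookie name "CodeVerifier", the all-zero demo key and the helper names are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// errCookie is the single error returned for every malformed or tampered
// cookie, so the failure reason cannot be distinguished from outside.
var errCookie = errors.New("invalid CodeVerifier cookie")

// newCodeVerifier returns a PKCE code_verifier as in RFC 7636: 32 random
// bytes, base64url-encoded without padding (43 characters).
func newCodeVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// codeChallengeS256 derives the code_challenge sent in the authorization
// request: BASE64URL(SHA-256(code_verifier)).
func codeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// newGCM builds an AES-GCM AEAD; the key must be 16, 24 or 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCookie encrypts the verifier and binds it to the cookie name as
// associated data. Cookie layout: base64url(nonce || ciphertext || tag).
func sealCookie(key []byte, cookieName, verifier string) (string, error) {
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(verifier), []byte(cookieName))
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// openCookie reverses sealCookie. The tag is verified before any plaintext
// is released, so a changed nonce, ciphertext, tag or cookie name all fail
// identically and nothing about the verifier leaks to the caller.
func openCookie(key []byte, cookieName, cookie string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cookie)
	if err != nil {
		return "", errCookie
	}
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	ns := aead.NonceSize()
	if len(raw) < ns+aead.Overhead() {
		return "", errCookie
	}
	pt, err := aead.Open(nil, raw[:ns], raw[ns:], []byte(cookieName))
	if err != nil {
		return "", errCookie
	}
	return string(pt), nil
}

// tamperIsRejected flips one bit of the ciphertext and reports whether
// openCookie refuses the result, which an AEAD must always do.
func tamperIsRejected(key []byte, cookieName, cookie string) bool {
	raw, err := base64.RawURLEncoding.DecodeString(cookie)
	if err != nil {
		return false
	}
	aead, err := newGCM(key)
	if err != nil || len(raw) <= aead.NonceSize() {
		return false
	}
	raw[aead.NonceSize()] ^= 0x01 // first ciphertext byte
	_, err = openCookie(key, cookieName, base64.RawURLEncoding.EncodeToString(raw))
	return err != nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; derive a real one from a secret
	verifier, err := newCodeVerifier()
	if err != nil {
		panic(err)
	}
	cookie, err := sealCookie(key, "CodeVerifier", verifier)
	if err != nil {
		panic(err)
	}
	back, err := openCookie(key, "CodeVerifier", cookie)
	fmt.Println("challenge:", codeChallengeS256(verifier))
	fmt.Println("round trip ok:", err == nil && back == verifier)
	fmt.Println("tamper rejected:", tamperIsRejected(key, "CodeVerifier", cookie))
}
```

The design point is that the cookie is only ever decrypted after its authentication tag is checked; a handler that decrypts first and then validates padding, structure or contents gives a client a way to distinguish outcomes across repeated requests, which is the class of weakness CWE-327 covers.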


How to mitigate CVE-2026-47775

Install the security update from the vendor's website.

Sources