CVEFinder.io

CVE-2026-48042

⚠️ high
Summary

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the destructor of a JSON Object results in a stack overflow when deeply nested objects (on the order of 100K levels) are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.

CVSS Score: 7.5 (High)
EPSS Score: 0.5 (Exploit Probability)
Published Date: 2026-06-26
First Seen: 2026-06-27
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 330,245 vulnerabilities in our database.

#102,662
Above average severity
Severity Percentile
Last Modified: 2026-06-26
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)

📦 Affected Products 0

No affected products information available

🔗 References 2