Strix
26.1K

CVE-2026-48042

HIGHCVSS 7.5/10

Last modified

CVE-2026-48042 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present.

Description

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Undergoing Analysis

Frequently Asked Questions

What is CVE-2026-48042?
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.
How severe is CVE-2026-48042?
CVE-2026-48042 has a CVSS score of 7.5/10 (HIGH severity).
How do I fix CVE-2026-48042?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-48042?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST