CVE-2026-26311
Envoy Vulnerability Analysis and Mitigation

Overview

CVE-2026-26311 is a Use-After-Free (UAF) vulnerability in Envoy's HTTP connection manager (FilterManager) that enables "Zombie Stream Filter Execution": filter callbacks are invoked on HTTP streams that have already been logically reset and cleaned up. It was originally reported to the Google OSS VRP (Issue ID: 477542544) and publicly disclosed on March 10, 2026. Affected versions are Envoy prior to 1.34.13, 1.35.0 through 1.35.7, 1.36.0 through 1.36.4, and 1.37.0; fixed versions are 1.34.13, 1.35.8, 1.36.5, and 1.37.1. The CVSS v3.1 base score is 5.9 (Medium) (GitHub Advisory, Envoy Advisory).

Technical Details

The root cause (CWE-416: Use After Free) is in source/common/http/filter_manager.cc, in the FilterManager::decodeData method. When an HTTP/2 stream is reset (for example by a StreamIdleTimeout, an OverloadManager limit, or a filter-triggered local reset), onResetStream sets state_.saw_downstream_reset_ = true, calls onDestroy() on every filter (which frees the filters' internal resources), and schedules the ActiveStream object for deferred deletion.

Because the ActiveStream object remains valid in memory until the deferred deletion runs, a DATA frame that arrives on the same stream within the same packet-processing cycle causes the HTTP/2 codec to invoke ActiveStream::decodeData, which in turn calls FilterManager::decodeData. That method did not check the saw_downstream_reset_ flag before iterating over decoder_filters_, so it called decodeData() on filter objects whose onDestroy() had already run.

The fix is an early-exit guard at the start of FilterManager::decodeData: if (state_.saw_downstream_reset_) { return; }. A public C++ unit-test PoC (zombie_stream_poc_test.cc) reproduces the issue deterministically (Envoy Advisory).

Impact

The primary impact is a Denial of Service (DoS): an unauthenticated remote attacker can crash the Envoy proxy by sending HTTP/2 DATA frames on recently reset streams, which triggers undefined behavior in freed filter objects. In more sophisticated scenarios involving heap grooming, the UAF primitive could in theory enable vtable hijacking or an arbitrary write-what-where primitive, potentially escalating to Remote Code Execution (RCE), particularly in deployments that use memory-unsafe C++ extensions or third-party filters. The vulnerability can also bypass Envoy's fail-closed security architecture, allowing malicious payloads to reach deeper into the filter chain or backend services even after a security policy has explicitly terminated the stream (Envoy Advisory, GitHub Advisory).

Exploitation Steps

  1. Reconnaissance: Identify internet-facing Envoy proxy instances running vulnerable versions (prior to 1.34.13, 1.35.8, 1.36.5, or 1.37.1) using network scanning tools or service fingerprinting. Confirm HTTP/2 support is enabled.
  2. Establish HTTP/2 connection: Open an HTTP/2 connection to the target Envoy instance and initiate a new stream by sending a HEADERS frame (e.g., a POST request to any endpoint).
  3. Trigger stream reset: Cause Envoy to reset the stream, for example by inducing a StreamIdleTimeout, triggering OverloadManager limits, or sending a request that makes a filter issue a local reset. Envoy then calls onResetStream, which invokes onDestroy() on all filters and schedules the ActiveStream for deferred deletion.
  4. Inject DATA frame on zombie stream: In the same packet processing cycle (before the deferred deletion executes), send a DATA frame on the now-reset stream. Due to the missing saw_downstream_reset_ check in FilterManager::decodeData, the codec will invoke decodeData() on already-destroyed filter objects.
  5. Achieve DoS or further exploitation: Invoking callbacks on freed filter objects triggers undefined behavior and crashes Envoy (DoS). In advanced scenarios with heap grooming, an attacker could attempt to replace the freed filter memory with a controlled payload to achieve RCE via vtable hijacking (Envoy Advisory).

Indicators of Compromise

  • Network: Anomalous HTTP/2 DATA frames sent on streams that have already received RST_STREAM frames; repeated HTTP/2 connections from the same source IP with rapid stream open/reset/data patterns.
  • Logs: Envoy crash logs or core dumps referencing FilterManager::decodeData or ActiveStream::decodeData; error log entries containing messages such as decodeData called on a reset stream; unexpected Envoy process restarts.
  • Process: Envoy worker process crashes or restarts (observable via process monitoring or container orchestration restart counts); abnormal memory access violations in Envoy process logs.
  • Application: Envoy access logs showing streams with reset conditions (e.g., StreamIdleTimeout, OverloadManager) immediately followed by data processing events on the same stream ID (Envoy Advisory).
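As an added example (not from the advisory or from Envoy), a small checker for the access-log indicator above: it scans log lines of the form stream=<id> event=<...> and reports stream ids whose data event follows a reset event. The line format and the sample lines are constructed for this example and must be mapped onto your own access-log format.

```cpp
// Added example, not Envoy code: detect "data after reset" on the same
// stream id in a constructed access-log format.
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Parses "stream=<id> event=<reset|data|headers> ..." tokens and returns the
// stream ids that saw a data event after a reset event, once per stream.
std::vector<int> zombieStreams(const std::vector<std::string>& lines) {
  std::map<int, bool> reset_seen;  // stream id -> reset already observed
  std::vector<int> hits;
  for (const auto& line : lines) {
    std::istringstream in(line);
    std::string tok;
    int id = -1;
    std::string event;
    while (in >> tok) {
      if (tok.rfind("stream=", 0) == 0) id = std::stoi(tok.substr(7));
      else if (tok.rfind("event=", 0) == 0) event = tok.substr(6);
    }
    if (id < 0) continue;  // line carries no stream id; ignore it
    if (event == "reset") {
      reset_seen[id] = true;
    } else if (event == "data" && reset_seen[id]) {
      hits.push_back(id);       // DATA processed on a logically dead stream
      reset_seen[id] = false;   // report each stream only once
    }
  }
  return hits;
}

// Constructed sample: stream 5 is reset by the idle timeout and then still
// has a data-processing event; stream 7 is an ordinary request.
const std::vector<std::string> kSampleLog = {
  "stream=7 event=headers method=POST",
  "stream=5 event=headers method=POST",
  "stream=5 event=reset reason=StreamIdleTimeout",
  "stream=5 event=data bytes=128",
  "stream=7 event=data bytes=64",
};
```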

Mitigation and Workarounds

Upgrade Envoy to one of the patched versions: 1.34.13, 1.35.8, 1.36.5, or 1.37.1. Version 1.37.0 is specifically vulnerable and should be avoided. For organizations unable to patch immediately, the advisory recommends monitoring for anomalous HTTP/2 traffic patterns and considering rate-limiting or filtering of reset stream conditions at the network edge. The fix adds an explicit saw_downstream_reset_ state check at the beginning of FilterManager::decodeData to prevent filter callback execution on logically dead streams (Envoy Advisory, GitHub Advisory).
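To make the reset-then-DATA window from the Technical Details section and the guard described here concrete, the following is an added example, not Envoy's own code: a stripped-down model of FilterManager in which the saw_downstream_reset_ guard can be switched on (patched) or off (vulnerable). The classes are hypothetical stand-ins that borrow Envoy's names, and filters carry a destroyed flag so that a zombie callback is counted instead of touching freed memory.

```cpp
// Added example, not Envoy code: a model of the missing guard in
// FilterManager::decodeData (CVE-2026-26311).
#include <memory>
#include <vector>

struct DecoderFilter {
  bool destroyed = false;  // set by onDestroy(); real filters free resources here
  int zombie_calls = 0;    // decodeData() invocations after destruction
  void onDestroy() { destroyed = true; }
  void decodeData() { if (destroyed) ++zombie_calls; }
};

struct FilterManager {
  struct State { bool saw_downstream_reset = false; } state_;
  std::vector<std::shared_ptr<DecoderFilter>> decoder_filters_;
  bool guarded;  // true = patched behaviour, false = vulnerable behaviour

  explicit FilterManager(bool guarded_) : guarded(guarded_) {}

  // Runs when the stream is reset (idle timeout, overload limit, local reset).
  void onResetStream() {
    state_.saw_downstream_reset = true;
    for (auto& f : decoder_filters_) f->onDestroy();
    // Envoy defers deletion of the ActiveStream here; until that runs the
    // object is still addressable, which is the window the bug lives in.
  }

  // Entered for a DATA frame that arrives on the same stream in that window.
  void decodeData() {
    if (guarded && state_.saw_downstream_reset) return;  // the fix
    for (auto& f : decoder_filters_) f->decodeData();     // vulnerable path
  }
};

// Replays reset-then-DATA and returns how many callbacks reached filters
// that had already been destroyed (0 means the guard held).
int zombieCallbacks(bool guarded) {
  FilterManager fm(guarded);
  fm.decoder_filters_.push_back(std::make_shared<DecoderFilter>());
  fm.decoder_filters_.push_back(std::make_shared<DecoderFilter>());
  fm.onResetStream();  // RST_STREAM handled first
  fm.decodeData();     // DATA frame on the now-reset stream
  int total = 0;
  for (auto& f : fm.decoder_filters_) total += f->zombie_calls;
  return total;
}
```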

Community Response

The vulnerability was originally reported to the Google OSS VRP and subsequently coordinated directly with Envoy maintainers, reflecting standard responsible disclosure practices for open-source infrastructure projects. The Istio project released version 1.28.5 referencing this CVE, indicating downstream impact on service mesh deployments. Amazon Web Services published an advisory (ALAS2ECS-2026-100) for Amazon Linux 2 ECS environments, and Tenable added detection coverage via Nessus plugin 304587. No significant public researcher commentary or social media discussion beyond standard vulnerability tracking has been observed.

Related Information


Source: This report was generated using AI.

Related Envoy vulnerabilities:

CVE identifier | Severity | Score | Technology | Component | CISA KEV exploited | Fix available | Published
CVE-2026-47774 | HIGH | 7.5 | Envoy | cpe:2.3:a:envoyproxy:envoy | No | Yes | Jun 17, 2026
CVE-2026-26330 | HIGH | 7.5 | Envoy | github.com/envoyproxy/envoy | No | Yes | Mar 10, 2026
CVE-2026-26310 | HIGH | 7.5 | Envoy | github.com/envoyproxy/envoy | No | Yes | Mar 10, 2026
CVE-2026-26311 | MEDIUM | 5.9 | Envoy | cpe:2.3:a:envoyproxy:envoy | No | Yes | Mar 10, 2026
CVE-2026-26309 | MEDIUM | 5.3 | Envoy | ecs-service-connect-agent | No | Yes | Mar 10, 2026
