CVE-2026-47774
Envoy vulnerability analysis and mitigation

Overview

CVE-2026-47774 is an HTTP/2 memory exhaustion vulnerability in Envoy Proxy. It arises from two compounding weaknesses in downstream request processing: cookie header fragments that escape the request header size limit, and HPACK decoding whose limits are enforced on encoded rather than decoded size. An unauthenticated remote attacker can drive memory consumption high enough that the Envoy process is OOM-killed, causing denial of service. Affected versions are all Envoy releases prior to 1.35.11, 1.36.0 through 1.36.6, 1.37.0 through 1.37.2, and 1.38.0. The GitHub advisory was first released on June 3, 2026 and the CVE record was published on June 17, 2026. It carries a CVSS v3.1 base score of 7.5 (High) (GitHub Advisory, Feedly).

Technical details

The vulnerability stems from two compounding weaknesses (CWE-405: Asymmetric Resource Consumption; CWE-770: Allocation of Resources Without Limits or Throttling). First, HTTP/2 permits a client to split the cookie header into several fields that the receiver concatenates; Envoy buffers these fragments separately and merges them only after request header size validation has completed, so the buffered cookie bytes are not fully counted against the max_request_headers_kb limit. Second, the HPACK header block limits in oghttp2/quiche are enforced on the encoded byte size rather than on the decoded header size. An attacker can therefore place one large value in the HPACK dynamic table and reference it repeatedly with one- or two-byte indexed representations, keeping the encoded block small while every reference produces a full-size decoded allocation. Combined, these let a malicious client force Envoy to retain large per-stream allocations; stalling HTTP/2 flow control extends stream lifetime and delays reclamation of that memory, amplifying the attack. In testing, an Envoy process under a 3 GiB memory limit was OOM-killed within seconds using a limited number of HTTP/2 connections (GitHub Advisory, oss-security).

Impact

Successful exploitation results in denial of service through OOM termination of the Envoy process; there is no confidentiality or integrity impact. In containerized environments this appears as exit status 137 (128 + SIGKILL, signal 9). A secondary effect is that oversized decoded cookies forwarded upstream can exceed the upstream service's header limits, causing upstream HTTP/2 connection resets and transient request failures for legitimate users whose requests share those connections. The attack is automatable and requires neither authentication nor user interaction, which makes it particularly dangerous for internet-facing Envoy deployments and for service meshes built on Envoy such as Istio and Red Hat OpenShift Service Mesh (GitHub Advisory, Feedly).

Exploitation steps

  1. Reconnaissance: Identify internet-facing Envoy instances that accept HTTP/2 downstream connections, for example with Shodan or Censys, and confirm they run a version prior to 1.35.11, 1.36.7, 1.37.3, or 1.38.1.
  2. Establish HTTP/2 connections: Open several HTTP/2 connections to the target Envoy instance. The attack is effective with a limited number of connections and streams.
  3. Craft malicious HPACK-encoded cookie headers: Build HTTP/2 HEADERS frames whose cookie fields use HPACK dynamic table references, so that the encoded representation stays small while each reference decodes to a large cookie value. This exploits the asymmetry between encoded and decoded sizes in oghttp2/quiche.
  4. Bypass header size validation: Send the cookie as multiple fragments. Envoy buffers them separately and merges them only after max_request_headers_kb validation, so the oversized cookie data passes the intended size limit.
  5. Amplify with flow-control stalling: Use HTTP/2 flow control to keep streams open, for example by advertising a small window and withholding WINDOW_UPDATE frames, so that per-stream memory is not reclaimed and memory pressure is sustained.
  6. Trigger OOM termination: Keep enough concurrent streams with large decoded cookie allocations alive until Envoy's memory is exhausted, resulting in OOM termination (exit status 137 in containers) and denial of service (GitHub Advisory, oss-security).
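The encoded-versus-decoded asymmetry that the technical details and steps 3 and 4 depend on, together with the check that closes it, as an added example written for this page. It is not Envoy, oghttp2 or quiche code: it is a minimal RFC 7541 subset (integer prefix coding, literal with incremental indexing, indexed fields; no Huffman coding and no static table). The cookie filler, the 4096-byte fragment, the 1000 references and the 64 KiB budget are constructed illustrative values, and the budget check shows the shape of a decoded-size limit, not the actual fix.

```python
"""HPACK encoded-vs-decoded size asymmetry, and a decoded-size budget.

Added example for this page (not Envoy, oghttp2 or quiche code): a minimal
RFC 7541 subset with no Huffman coding and no static table.
"""

ENTRY_OVERHEAD = 32       # RFC 7541 s4.1: an entry costs len(name) + len(value) + 32
FIRST_DYNAMIC_INDEX = 62  # indices 1..61 belong to the static table

class DecodedSizeExceeded(Exception):
    pass

def encode_int(value, prefix_bits, flags=0):
    """RFC 7541 s5.1 integer with an N-bit prefix; `flags` are the leading bits."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out = bytearray([flags | limit])
    value -= limit
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)

def decode_int(buf, pos, prefix_bits):
    limit = (1 << prefix_bits) - 1
    value = buf[pos] & limit
    pos += 1
    if value < limit:
        return value, pos
    shift = 0
    while True:
        b = buf[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos

def encode_literal_indexed(name, value):
    """Literal header field with incremental indexing (s6.2.1), raw strings."""
    return (encode_int(0, 6, 0x40) + encode_int(len(name), 7) + name
            + encode_int(len(value), 7) + value)

def encode_indexed(index):
    """Indexed header field (s6.1); a single byte for indices below 127."""
    return encode_int(index, 7, 0x80)

def decode_block(block, max_decoded_bytes=None):
    """Decode a header block into (name, value) pairs. With max_decoded_bytes
    set, abort as soon as the cumulative decoded size exceeds it, however
    small the encoded block is: the property an encoded-size-only limit lacks."""
    table = []        # dynamic table, newest entry first
    fields = []
    decoded = 0
    pos = 0
    while pos < len(block):
        first = block[pos]
        if first & 0x80:                          # indexed representation
            idx, pos = decode_int(block, pos, 7)
            if idx < FIRST_DYNAMIC_INDEX:
                raise ValueError("static table not modelled here")
            name, value = table[idx - FIRST_DYNAMIC_INDEX]
        elif first & 0x40:                        # literal, added to the table
            idx, pos = decode_int(block, pos, 6)
            if idx != 0:
                raise ValueError("indexed names not modelled here")
            n, pos = decode_int(block, pos, 7)    # H bit is masked off by the prefix
            name, pos = block[pos:pos + n], pos + n
            v, pos = decode_int(block, pos, 7)
            value, pos = block[pos:pos + v], pos + v
            table.insert(0, (name, value))
        else:
            raise ValueError("representation not modelled here")
        decoded += len(name) + len(value) + ENTRY_OVERHEAD
        if max_decoded_bytes is not None and decoded > max_decoded_bytes:
            raise DecodedSizeExceeded(f"{decoded} decoded bytes > {max_decoded_bytes}")
        fields.append((name, value))
    return fields

def amplified_cookie_block(value_len, references):
    """One large cookie fragment stored in the table, then referenced N times.
    The cookie value is constructed filler, not captured traffic."""
    cookie = b"a" * value_len
    return (encode_literal_indexed(b"cookie", cookie)
            + encode_indexed(FIRST_DYNAMIC_INDEX) * references)

def sizes(block):
    """(encoded bytes, decoded bytes) for a block, using the s4.1 measure."""
    fields = decode_block(block)
    return len(block), sum(len(n) + len(v) + ENTRY_OVERHEAD for n, v in fields)

def rejected_by_budget(block, max_decoded_bytes):
    """True if a decoded-size budget stops the block before it is fully expanded."""
    try:
        decode_block(block, max_decoded_bytes)
    except DecodedSizeExceeded:
        return True
    return False
```

With a 4096-byte fragment referenced 1000 times, `sizes()` reports 5107 encoded bytes against 4,138,134 decoded bytes, roughly 800x; a limit measured on the encoded block would pass it, while `rejected_by_budget()` with a 64 KiB decoded budget refuses it after a handful of references.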

Indicators of compromise

  • Process: Rapid or sustained abnormal memory growth in the Envoy process; OOM termination of the Envoy process, including exit status 137 in containerized/Kubernetes environments.
  • Network: Unusual HTTP/2 traffic involving repeated indexed cookie references in HEADERS frames; a high number of concurrent HTTP/2 streams from a small number of clients; connections that send few or no WINDOW_UPDATE frames (flow-control stalling).
  • Logs: Envoy access logs showing streams with abnormally large cookie header values; upstream HTTP/2 connection reset errors caused by oversized forwarded cookie headers; container orchestration logs (e.g., Kubernetes) recording OOMKilled events for Envoy pods (GitHub Advisory).
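A triage pass over the log and process indicators above, as an added example written for this page rather than Envoy or Istio tooling. It assumes a JSON access log whose fields map to Envoy access log operators as follows: client from %DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%, protocol from %PROTOCOL%, request_headers_bytes from %REQUEST_HEADERS_BYTES% (assumed to reflect the merged header map at stream end), response_flags from %RESPONSE_FLAGS% and duration from %DURATION%. The access log lines and the pod status JSON are constructed samples, and the 60 KiB limit is Envoy's documented default for max_request_headers_kb.

```python
"""Triage for the indicators above, over constructed data.

Added example for this page, not Envoy or Istio tooling. Field names are
assumed to come from the access log operators named in the lead-in; the log
lines and pod JSON are constructed samples.
"""
import json
from collections import defaultdict

MAX_REQUEST_HEADERS_KB = 60   # Envoy's default for max_request_headers_kb

SAMPLE_ACCESS_LOG = """\
{"client":"203.0.113.7","protocol":"HTTP/2","request_headers_bytes":1048576,"response_flags":"UR","duration":30012}
{"client":"203.0.113.7","protocol":"HTTP/2","request_headers_bytes":2097152,"response_flags":"UR","duration":30005}
{"client":"203.0.113.7","protocol":"HTTP/2","request_headers_bytes":1572864,"response_flags":"-","duration":29990}
{"client":"198.51.100.20","protocol":"HTTP/1.1","request_headers_bytes":1200,"response_flags":"-","duration":12}
{"client":"198.51.100.21","protocol":"HTTP/2","request_headers_bytes":2300,"response_flags":"-","duration":8}
{"client":"203.0.113.9","protocol":"HTTP/2","request_headers_bytes":90000,"response_flags":"-","duration":15}
"""

# Constructed `kubectl get pods -o json` excerpt: one proxy container OOM-killed.
SAMPLE_POD_LIST = json.dumps({"items": [
    {"metadata": {"name": "ingress-gateway-5d8f"},
     "status": {"containerStatuses": [
         {"name": "istio-proxy", "restartCount": 3,
          "lastState": {"terminated": {"reason": "OOMKilled", "exitCode": 137}}}]}},
    {"metadata": {"name": "web-7c9a"},
     "status": {"containerStatuses": [
         {"name": "istio-proxy", "restartCount": 0, "lastState": {}},
         {"name": "app", "restartCount": 1,
          "lastState": {"terminated": {"reason": "Error", "exitCode": 1}}}]}},
]})

def parse_access_log(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def suspicious_clients(records, max_kb=MAX_REQUEST_HEADERS_KB, min_hits=2):
    """Clients with at least min_hits HTTP/2 requests whose logged header size
    exceeds the configured limit (which the size check should have refused),
    with the count of upstream remote resets (UR flag) and the longest stream."""
    limit = max_kb * 1024
    stats = defaultdict(lambda: {"oversized": 0, "upstream_resets": 0,
                                 "max_header_bytes": 0, "max_duration_ms": 0})
    for r in records:
        if r.get("protocol") != "HTTP/2" or r.get("request_headers_bytes", 0) <= limit:
            continue
        s = stats[r["client"]]
        s["oversized"] += 1
        s["upstream_resets"] += "UR" in r.get("response_flags", "").split(",")
        s["max_header_bytes"] = max(s["max_header_bytes"], r["request_headers_bytes"])
        s["max_duration_ms"] = max(s["max_duration_ms"], r.get("duration", 0))
    return {c: s for c, s in stats.items() if s["oversized"] >= min_hits}

def oom_killed_containers(pod_list_json):
    """(pod, container, exit code) for every container whose last termination
    was OOMKilled, the exit status 137 signature described above."""
    hits = []
    for pod in json.loads(pod_list_json)["items"]:
        for cs in pod["status"].get("containerStatuses", []):
            term = cs.get("lastState", {}).get("terminated")
            if term and term.get("reason") == "OOMKilled":
                hits.append((pod["metadata"]["name"], cs["name"], term.get("exitCode")))
    return hits
```

On the sample data only 203.0.113.7 is flagged: three HTTP/2 requests above the 60 KiB limit, two of them ending in an upstream reset, each held open for about 30 seconds. 203.0.113.9 has a single oversized request and stays below the threshold; raising min_hits to 1 includes it.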

Mitigations and workarounds

Upgrade Envoy to one of the patched versions: 1.35.11, 1.36.7, 1.37.3, or 1.38.1, which close both the cookie header size accounting gap and the HPACK decoded-size enforcement gap. No complete workaround exists short of applying the fix. Partial mitigations that reduce exposure in the meantime include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie size limits at a WAF or load balancer in front of Envoy, before traffic reaches it; and monitoring Envoy process memory for abnormal growth under HTTP/2 traffic. Red Hat has released errata (RHSA-2026:26210, RHSA-2026:26247, RHSA-2026:26231, RHSA-2026:27114) for affected OpenShift Service Mesh products. Amazon Linux 2023 and Amazon Linux 2 ECS users should apply the corresponding ALAS advisories (GitHub Advisory, Feedly).

Community response

The vulnerability was part of a broader disclosure of HTTP/2 "bomb" attacks affecting multiple server implementations, including Apache httpd, nginx, Envoy, and Pingora, discussed on the oss-security mailing list. A blog post at blog.calif.io noted that the fix commits are public and that the path from commit to exploit is short enough for capable AI models to derive working exploits from the diffs, which prompted the authors to release mitigations proactively. Istio released updated versions (1.30.1, 1.29.4, 1.28.8) incorporating the Envoy fix, and Red Hat issued multiple security errata for OpenShift Service Mesh. The vulnerability was credited to researcher Ryoga Yamashita (oss-security, GitHub Advisory).

Related information


Sources

This report was generated using AI.

Related Envoy vulnerabilities:

CVE identifier   Severity  Score  Technology  Component name                       CISA KEV exploited  Fix available  Published
CVE-2026-47774   HIGH      7.5    Envoy       Envoy (cpe:2.3:a:envoyproxy:envoy)   No                  Yes            Jun 17, 2026
CVE-2026-26330   HIGH      7.5    Envoy       Envoy (github.com/envoyproxy/envoy)  No                  Yes            Mar 10, 2026
CVE-2026-26310   HIGH      7.5    Envoy       Envoy (github.com/envoyproxy/envoy)  No                  Yes            Mar 10, 2026
CVE-2026-26311   MEDIUM    5.9    Envoy       Envoy (cpe:2.3:a:envoyproxy:envoy)   No                  Yes            Mar 10, 2026
CVE-2026-26309   MEDIUM    5.3    Envoy       Envoy (ecs-service-connect-agent)    No                  Yes            Mar 10, 2026
