Advertisement
Security

Envoy Gateway Authentication Bypass Leads to Secret Disclosure

A critical vulnerability in Envoy Gateway allows attackers to bypass path validation and access sensitive files on the gateway controller pod.

··1 hour ago·1 min read
a rack of servers in a server room
Photo by Kevin Ache on Unsplash
Advertisement

A critical security vulnerability, identified as CVE-2026-53713, affects Envoy Gateway. The flaw exists in the to_absolute_normalized_path function, which fails to correctly collapse redundant path separators. Because the security validation logic does not account for double-slash variants, attackers can bypass critical path checks to read arbitrary files from the gateway controller pod's filesystem.

This vulnerability, rated with a CVSS score of 9.1, permits the unauthorized retrieval of sensitive data including Kubernetes service account tokens, TLS certificates, and process environment variables. These credentials can subsequently be leveraged to access the Kubernetes API Server or the Gateway XDS server.

Users are urged to update to patched versions v1.7.4 or v1.8.1 to mitigate this risk. The fix ensures that redundant path separators are properly normalized and that directory traversal attempts are rejected. Additional risk reduction measures can be found in the official Lua documentation for Envoy Gateway.

#envoy gateway#cve-2026-53713#authentication bypass#security advisory

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement