{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-47774/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-17T18:01:59.116Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-47774","@id":"https://www.cve.org/CVERecord?id=CVE-2026-47774","description":"Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request he"},"products":[{"@id":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-17T18:01:59.116Z"}]}