CyberRota
← Ana sayfaya dön

CVE-2026-48044

HIGH · CVSS 7.5 EPSS %0.49 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-26T18:16:59.767 · Çekilme zamanı: 2026-06-30T18:35:59.470972+00:00

CyberRota Yorumu

Bellek tüketimine neden olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit
GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-48044
Severity
HIGH
CVSS
7.5
EPSS
%0.49

Orijinal NVD Açıklaması

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation (ZstdDecompressorImpl). When zstd decompression is enabled, processing a specially crafted, highly compressed zstd payload can lead to massive memory allocation. An attacker can exploit this to cause severe memory exhaustion, potentially resulting in an Out-Of-Memory (OOM) kill and Denial of Service (DoS) for the Envoy proxy. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.