CVE-2026-53718

ADVISORY - github

Summary

Impact

Envoy Gateway accepts extension-managed custom backendRefs from an HTTPRoute to a backend resource in another namespace without requiring a matching Gateway API ReferenceGrant in the target namespace. This breaks the Gateway API cross-namespace consent model: the namespace that owns the referenced backend resource does not need to opt in with a ReferenceGrant before another namespace’s HTTPRoute can use that resource.

Patches

1.7.4 1.8.1

EPSS Score: 0.00043 (0.135)

Common Weakness Enumeration (CWE)

ADVISORY - github

Missing Authorization


GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.4medium