← All advisoriesModerate severityNVD Advisory· Published Jun 26, 2026Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)CVE-2026-48090DescriptionEnvoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)Affected products1Envoy/envoyllm-fuzzyPatchesVulnerability mechanicsNews mentions0No linked articles in our index yet.
