A vulnerability was found in envoyproxy envoy up to 1.35.10/1.36.6/1.37.2/1.38.0 and classified as problematic . The affected element is an unknown function of the component JSON Object Handler . Such manipulation leads to excessively deep nesting. This vulnerability is documented as CVE-2026-48042 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.