A vulnerability, which was classified as problematic , was found in envoyproxy envoy up to 1.35.12/1.36.8/1.37.4/1.38.2 . This issue affects some unknown processing of the component PATCH Request Handler . The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-47221 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.