A vulnerability marked as critical has been reported in envoyproxy envoy up to 1.37.4/1.38.2 . Affected is an unknown function. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-48090 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.