Merged
8 changes: 8 additions & 0 deletions api/v1alpha1/envoygateway_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,10 @@ type EnvoyGatewaySpec struct {

// ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane.
//
// Warning: Enabling an Extension Server may lead to complete security compromise of your system.
// Users that control the Extension Server can inject arbitrary configuration to proxies,
// leading to high Confidentiality, Integrity and Availability risks.
//
// +optional
ExtensionManager *ExtensionManager `json:"extensionManager,omitempty"`

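Review bot: the warning names only "Users that control the Extension Server", but this field is what tells the control plane which server to register, so anyone who can edit the EnvoyGateway configuration can point it at a server they control; the doc comment should say so, e.g. `Users that control the Extension Server, or that can modify this configuration, can inject arbitrary configuration to proxies,`. Since this comment is rendered verbatim into the generated API reference, it would also help to state concretely what is injected (the xDS configuration sent to every managed proxy) rather than only "arbitrary configuration".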
Expand Down Expand Up @@ -300,6 +304,10 @@ type Gateway struct {
type ExtensionAPISettings struct {
// EnableEnvoyPatchPolicy enables Envoy Gateway to
// reconcile and implement the EnvoyPatchPolicy resources.
//
// Warning: Enabling `EnvoyPatchPolicy` may lead to complete security compromise of your system.
// Users with `EnvoyPatchPolicy` permissions can inject arbitrary configuration to proxies,
// leading to high Confidentiality, Integrity and Availability risks.
EnableEnvoyPatchPolicy bool `json:"enableEnvoyPatchPolicy"`
// EnableBackend enables Envoy Gateway to
// reconcile and implement the Backend resources.
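Review bot: `Users with EnvoyPatchPolicy permissions` is ambiguous about which Kubernetes verbs matter; create, update and patch on the EnvoyPatchPolicy resource are what let a user inject configuration, while read-only access does not. Suggest `Users with create or update permissions on EnvoyPatchPolicy resources can inject arbitrary configuration to proxies,` so the RBAC advice in the task docs has a precise target. Minor style point: this comment wraps the resource name in backticks while the ExtensionManager warning in the same file does not; both land in the same generated API reference, so pick one convention.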
Expand Down
6 changes: 3 additions & 3 deletions site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -1355,7 +1355,7 @@ EnvoyGateway is the schema for the envoygateways API.
| `telemetry` | _[EnvoyGatewayTelemetry](#envoygatewaytelemetry)_ | false | | Telemetry defines the desired control plane telemetry related abilities.<br />If unspecified, the telemetry is used with default configuration. |
| `xdsServer` | _[XDSServer](#xdsserver)_ | false | | XDSServer defines the configuration for the Envoy Gateway xDS gRPC server.<br />If unspecified, default connection keepalive settings will be used. |
| `rateLimit` | _[RateLimit](#ratelimit)_ | false | | RateLimit defines the configuration associated with the Rate Limit service<br />deployed by Envoy Gateway required to implement the Global Rate limiting<br />functionality. The specific rate limit service used here is the reference<br />implementation in Envoy. For more details visit https://github.com/envoyproxy/ratelimit.<br />This configuration is unneeded for "Local" rate limiting. |
| `extensionManager` | _[ExtensionManager](#extensionmanager)_ | false | | ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane. |
| `extensionManager` | _[ExtensionManager](#extensionmanager)_ | false | | ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane.<br />Warning: Enabling an Extension Server may lead to complete security compromise of your system.<br />Users that control the Extension Server can inject arbitrary configuration to proxies,<br />leading to high Confidentiality, Integrity and Availability risks. |
| `extensionApis` | _[ExtensionAPISettings](#extensionapisettings)_ | false | | ExtensionAPIs defines the settings related to specific Gateway API Extensions<br />implemented by Envoy Gateway |
| `gatewayAPI` | _[GatewayAPISettings](#gatewayapisettings)_ | false | | GatewayAPI defines feature flags for experimental Gateway API resources.<br />These APIs live under the gateway.networking.x-k8s.io group and are opt-in. |
| `runtimeFlags` | _[RuntimeFlags](#runtimeflags)_ | true | | RuntimeFlags defines the runtime flags for Envoy Gateway.<br />Unlike ExtensionAPIs, these flags are temporary and will be removed in future releases once the related features are stable. |
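Review bot: this table is generated from the Go doc comments, so the warning text here must stay identical to the comment in api/v1alpha1/envoygateway_types.go; if the cell was edited by hand rather than produced by the doc generator, the next regeneration will silently rewrite it. Please confirm the file was regenerated. The same EnvoyGateway field table appears twice in this file and both copies need the warning, as they do in this change.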
Expand Down Expand Up @@ -1643,7 +1643,7 @@ _Appears in:_
| `telemetry` | _[EnvoyGatewayTelemetry](#envoygatewaytelemetry)_ | false | | Telemetry defines the desired control plane telemetry related abilities.<br />If unspecified, the telemetry is used with default configuration. |
| `xdsServer` | _[XDSServer](#xdsserver)_ | false | | XDSServer defines the configuration for the Envoy Gateway xDS gRPC server.<br />If unspecified, default connection keepalive settings will be used. |
| `rateLimit` | _[RateLimit](#ratelimit)_ | false | | RateLimit defines the configuration associated with the Rate Limit service<br />deployed by Envoy Gateway required to implement the Global Rate limiting<br />functionality. The specific rate limit service used here is the reference<br />implementation in Envoy. For more details visit https://github.com/envoyproxy/ratelimit.<br />This configuration is unneeded for "Local" rate limiting. |
| `extensionManager` | _[ExtensionManager](#extensionmanager)_ | false | | ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane. |
| `extensionManager` | _[ExtensionManager](#extensionmanager)_ | false | | ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane.<br />Warning: Enabling an Extension Server may lead to complete security compromise of your system.<br />Users that control the Extension Server can inject arbitrary configuration to proxies,<br />leading to high Confidentiality, Integrity and Availability risks. |
| `extensionApis` | _[ExtensionAPISettings](#extensionapisettings)_ | false | | ExtensionAPIs defines the settings related to specific Gateway API Extensions<br />implemented by Envoy Gateway |
| `gatewayAPI` | _[GatewayAPISettings](#gatewayapisettings)_ | false | | GatewayAPI defines feature flags for experimental Gateway API resources.<br />These APIs live under the gateway.networking.x-k8s.io group and are opt-in. |
| `runtimeFlags` | _[RuntimeFlags](#runtimeflags)_ | true | | RuntimeFlags defines the runtime flags for Envoy Gateway.<br />Unlike ExtensionAPIs, these flags are temporary and will be removed in future releases once the related features are stable. |
Expand Down Expand Up @@ -2011,7 +2011,7 @@ _Appears in:_

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `enableEnvoyPatchPolicy` | _boolean_ | true | | EnableEnvoyPatchPolicy enables Envoy Gateway to<br />reconcile and implement the EnvoyPatchPolicy resources. |
| `enableEnvoyPatchPolicy` | _boolean_ | true | | EnableEnvoyPatchPolicy enables Envoy Gateway to<br />reconcile and implement the EnvoyPatchPolicy resources.<br />Warning: Enabling `EnvoyPatchPolicy` may lead to complete security compromise of your system.<br />Users with `EnvoyPatchPolicy` permissions can inject arbitrary configuration to proxies,<br />leading to high Confidentiality, Integrity and Availability risks. |
| `enableBackend` | _boolean_ | true | | EnableBackend enables Envoy Gateway to<br />reconcile and implement the Backend resources. |
| `disableLua` | _boolean_ | true | | DisableLua determines if Lua EnvoyExtensionPolicies should be disabled.<br />If set to true, the Lua EnvoyExtensionPolicy feature will be disabled. |

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,25 @@ using [JSON Patch][] semantics.
This API was introduced to allow advanced users to be able to leverage Envoy Proxy functionality
not exposed by Envoy Gateway APIs today.

## Security Warning

{{% alert title="Security Warning" color="warning" %}}
Enabling `EnvoyPatchPolicy` may lead to complete security compromise of your system.
Users with `EnvoyPatchPolicy` permissions can inject arbitrary configuration to proxies,
leading to high Confidentiality, Integrity and Availability risks.

Injected configuration may include arbitrary code executed by the proxy without any isolation. Such code may be used
to launch SSRF attacks, as well as allow users to gain access to proxy credentials as described in [CVE-2026-22771][].
With such access, users can fetch the complete proxy configuration, including secrets and cluster network topology.

When enabling `EnvoyPatchPolicy`, additional security measures should be taken by admins to reduce security risks, including:
* Using K8s [RBAC][] to restrict access to `EnvoyPatchPolicy`.
* Disabling envoy extensions which are not needed with envoy [command line options][].
* Implementing Kubernetes [network policies][] that restrict traffic from the proxy pod only to relevant targets.
* Use [admission control][] tools to validate `EnvoyPatchPolicy` resources, ensuring that only approved patches admitted.
* Audit `EnvoyPatchPolciy` resources periodically, and [audit log][] `EnvoyPatchPolicy` API server operations.
{{% /alert %}}

## Quickstart

### Prerequisites
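Review bot: typo in the last bullet, `EnvoyPatchPolciy` should be `EnvoyPatchPolicy`, and the admission-control bullet is missing a verb: `ensuring that only approved patches admitted` should read `ensuring that only approved patches are admitted`. The bullets also mix verb forms (Using, Disabling, Implementing, Use, Audit); use the imperative throughout, e.g. `Use Kubernetes [RBAC][] to restrict ...`, `Disable Envoy extensions ...`, and spell out `K8s` as Kubernetes and `envoy` as Envoy in user-facing docs. On substance, the RBAC bullet is more actionable if it names the verbs to restrict (create, update and patch on the EnvoyPatchPolicy resource), since the risk comes from writing the resource, not reading it; and the admission-control bullet could note that the policy must also reject patches that target filters capable of running code (the "arbitrary code executed by the proxy" case the warning itself raises), not only unknown patch shapes.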
Expand Down Expand Up @@ -504,6 +523,12 @@ across versions for these reasons
such as changing the `name` field of resources.

[EnvoyPatchPolicy]: ../../../api/extension_types#envoypatchpolicy
[CVE-2026-22771]: https://github.com/envoyproxy/gateway/security/advisories/GHSA-xrwg-mqj6-6m22
[RBAC]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
[command line options]: ../operations/customize-envoyproxy/#customize-envoyproxy-command-line-options
[network policies]: https://kubernetes.io/docs/concepts/services-networking/network-policies/
[admission control]: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
[audit log]: https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/
[EnvoyGateway]: ../../../api/extension_types#envoygateway
[JSON Patch]: https://datatracker.ietf.org/doc/html/rfc6902
[xDS]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/dynamic_configuration
Expand Down
21 changes: 21 additions & 0 deletions site/content/en/latest/tasks/extensibility/extension-server.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,23 @@ Envoy Gateway Extension Server provides a mechanism where Envoy Gateway tracks a
resources and then calls a set of hooks that allow the generated xDS configuration to be
modified before it is sent to Envoy Proxy. See the [design documentation][] for full details.

## Security Warning

{{% alert title="Security Warning" color="warning" %}}
Enabling an Extension Server may lead to complete security compromise of your system.
Users that control the Extension Server can inject arbitrary configuration to proxies,
leading to high Confidentiality, Integrity and Availability risks.

Injected configuration may include arbitrary code executed by the proxy without any isolation. Such code may be used
to launch SSRF attacks, as well as allow users to gain access to proxy credentials as described in [CVE-2026-22771][].
With such access, users can fetch the complete proxy configuration, including secrets and cluster network topology.

When enabling Extension Server, additional security measures should be taken by admins to reduce security risks, including:
* Using K8s [RBAC][] to restrict access to the Envoy Gateway Configuration as well as the Extension Server deployment.
* Disabling envoy extensions which are not needed with envoy [command line options][].
* Implementing Kubernetes [network policies][] that restrict traffic from the proxy pod only to relevant targets.
{{% /alert %}}

## Extension Hooks Overview

Envoy Gateway provides several extension hooks that are called at different stages of the xDS translation process. These hooks allow extensions to modify various aspects of the generated xDS configuration:
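Review bot: the mitigation list here drops the admission-control and audit bullets that the EnvoyPatchPolicy page carries, but both have direct analogues for an Extension Server: audit changes to the EnvoyGateway configuration that registers the server and to the Extension Server deployment itself (image, service account, who may deploy or update it), because that is the write path an attacker needs. Consider also recommending that the connection from Envoy Gateway to the Extension Server be authenticated (TLS with a trusted CA, if the ExtensionManager service settings support it); without that, the RBAC and network-policy bullets do not cover substitution of the server on the network path. Grammar: `When enabling Extension Server` should be `When enabling an Extension Server`, and `K8s` should be spelled out as Kubernetes.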
Expand Down Expand Up @@ -319,4 +336,8 @@ $ curl -v http://${GATEWAY_HOST}/example -H "Host: www.example.com" --user 'u

[xDS]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/dynamic_configuration
[design documentation]: /contributions/design/extending-envoy-gateway
[CVE-2026-22771]: https://github.com/envoyproxy/gateway/security/advisories/GHSA-xrwg-mqj6-6m22
[RBAC]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
[command line options]: ../operations/customize-envoyproxy/#customize-envoyproxy-command-line-options
[network policies]: https://kubernetes.io/docs/concepts/services-networking/network-policies/
[SecurityPolicy]: /latest/api/extension_types/#securitypolicy