diff --git a/.changelog/20586.txt b/.changelog/20586.txt
new file mode 100644
index 0000000000000..107db1f921136
--- /dev/null
+++ b/.changelog/20586.txt
@@ -0,0 +1,3 @@
+```release-note:security
+mesh: Update Envoy version to 1.26.7 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76)
+```
diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml
index 31bd07181be7e..353a3eca6d118 100644
--- a/.github/workflows/test-integrations-windows.yml
+++ b/.github/workflows/test-integrations-windows.yml
@@ -62,7 +62,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: [ "1.27.2" ]
+        envoy-version: [ "1.27.3" ]
         xds-target: [ "server", "client" ]
     env:
       ENVOY_VERSION: ${{ matrix.envoy-version }}
diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml
index 15b24d3f6ec96..9cf687ea18b0a 100644
--- a/.github/workflows/test-integrations.yml
+++ b/.github/workflows/test-integrations.yml
@@ -269,8 +269,8 @@ jobs:
         env:
           # this is further going to multiplied in envoy-integration tests by the
           # other dimensions in the matrix.  Currently TOTAL_RUNNERS would be
-          # multiplied by 8 based on these values:
-          # envoy-version: ["1.23.12", "1.24.12", "1.25.11", "1.26.6"]
+          # multiplied by 2 based on these values:
+          # envoy-version: ["1.26.7"]
           # xds-target: ["server", "client"]
           TOTAL_RUNNERS: 4
           JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]'
@@ -305,7 +305,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        envoy-version: ["1.26.6"]
+        envoy-version: ["1.26.7"]
         xds-target: ["server", "client"]
         test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }}
     env:
diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go
index a86105e848cde..49ebe12e3d07a 100644
--- a/envoyextensions/xdscommon/envoy_versioning_test.go
+++ b/envoyextensions/xdscommon/envoy_versioning_test.go
@@ -154,7 +154,7 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
 		"1.23.0", "1.23.1", "1.23.2", "1.23.3", "1.23.4", "1.23.5", "1.23.6", "1.23.7", "1.23.8", "1.23.9", "1.23.10", "1.23.11", "1.23.12",
 		"1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8", "1.24.9", "1.24.10", "1.24.11", "1.24.12",
 		"1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9", "1.25.10", "1.25.11",
-		"1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4", "1.26.5", "1.26.6",
+		"1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4", "1.26.5", "1.26.6", "1.26.7",
 	} {
 		cases[v] = testcase{expect: SupportedProxyFeatures{}}
 	}
diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go
index e2295cf985cf8..9439a44df2609 100644
--- a/envoyextensions/xdscommon/proxysupport.go
+++ b/envoyextensions/xdscommon/proxysupport.go
@@ -12,7 +12,7 @@ import "strings"
 //
 // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
 var EnvoyVersions = []string{
-	"1.26.6",
+	"1.26.7",
 	"1.25.11",
 	"1.24.12",
 	"1.23.12",
diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx
index f51b3c3b3bc87..5d3450ffb5557 100644
--- a/website/content/docs/connect/proxies/envoy.mdx
+++ b/website/content/docs/connect/proxies/envoy.mdx
@@ -39,7 +39,7 @@ Consul supports **four major Envoy releases** at the beginning of each major Con
 
 | Consul Version      | Compatible Envoy Versions                                                          |
 | ------------------- | -----------------------------------------------------------------------------------|
-| 1.16.x              | 1.26.6, 1.25.11, 1.24.12, 1.23.12                                                  |
+| 1.16.x              | 1.26.7, 1.25.11, 1.24.12, 1.23.12                                                  |
 | 1.15.x              | 1.25.11, 1.24.12, 1.23.12, 1.22.11                                                 |
 | 1.14.x              | 1.24.12, 1.23.12, 1.22.11, 1.21.6                                                  |