CVE-2026-31838 Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access.

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

SUSE CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy's setCopy header map API does not replace all existing occurences of a non-inline header...