668 matches found

RedhatCVE
added 2026/05/25 11:26 p.m., 7 views

CVE-2026-41413

A flaw was found in Istio. When a RequestAuthentication resource is created with a jwksUri (JSON Web Key Set Uniform Resource Identifier) that points to an internal service, istiod (the Istio control plane daemon) makes an unauthenticated HTTP GET request to that URL. This request does not properly...

CVSS 7.7, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 6
Positive Technologies
added 2026/05/20 12:00 a.m., 4 views

PT-2026-42178

CVE-2026-47237 – Overly Permissive Istio Permissions Allow Kubeflow Authorization Token Stealing https://t.co/NYDWRfbN4F...

AI score 5.8
Exploits: 0, References: 1
OSV
added 2026/05/18 1:55 p.m., 1 view

CLEANSTART-2026-ID81656 Security fixes for CVE-2025-15558, CVE-2026-33186, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3 applied in versions: 1.29.0-r0, 1.29.0-r1, 1.29.1-r0

Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.1, AI score 6.8, EPSS 0.00023
Exploits: 1, References: 7
OSV
added 2026/05/18 1:20 p.m., 1 view

CLEANSTART-2026-IS19112 Security fixes for CVE-2025-15558, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-34986, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-hfvc-g4fc-pqhx, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3 applied in versions: 1.29.0-r0, 1.29.0-r1, 1.29.1-r0, 1.29.1-r1

Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.8, AI score 6.8, EPSS 0.00035
Exploits: 2, References: 29
Wolfi
added 2026/05/14 7:48 p.m., 10 views

CVE-2026-44903 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, telegraf, mcp-grafana, metrics-server, istio, opentelemetry-collector-contrib, karma, prometheus, splunk-otel-collector, loki, mc, certificate-transparency, opentelemetry-operator, node-problem-detector, trillian, jaeger, prometheus-pushgateway,...

CVSS 5.1, AI score 5.8, EPSS 0.00052
Exploits: 0
Chainguard
added 2026/05/14 7:17 p.m., 11 views

CVE-2026-44903 vulnerabilities

Vulnerabilities for packages: beats-fips, certificate-transparency-fips, fluent-bit-plugin-loki, karma, ld-relay, metrics-server, minio, nrdot-collector-k8s, mcp-grafana, opentelemetry-collector, prometheus-pushgateway-fips, splunk-otel-collector-fips, datadog-agent-fips, loki, prometheus,...

CVSS 5.1, AI score 5.8, EPSS 0.00052
Exploits: 0
NVD
added 2026/05/07 6:16 a.m., 7 views

CVE-2026-41413

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

CVSS 7.7, EPSS 0.00027
Exploits: 0, References: 3
CVE
added 2026/05/07 4:18 a.m., 6 views

CVE-2026-41413

CVE-2026-41413 affects Istio: when a RequestAuthentication jwksUri points to an internal resource, istiod makes unauthenticated HTTP GET requests without filtering localhost/link-local IPs, risking SSRF and data exposure to Envoy proxies via xDS. Patched in Istio 1.28.6 and 1.29.2; upgrade to tho...

CVSS 7.7, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/05/07 4:18 a.m., 4 views

CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

CVSS 5, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 3
EUVD
added 2026/05/07 4:18 a.m., 5 views

EUVD-2026-28315

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

CVSS 5, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 3
Cvelist
added 2026/05/07 4:18 a.m., 31 views

CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

CVSS 5, EPSS 0.00027
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/07 4:18 a.m., 3 views

CVE-2026-41413

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

CVSS 5, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 4, Affected Software: 1
Chainguard
added 2026/05/07 1:17 a.m., 5 views

GHSA-FGW5-HP8F-XFHC vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr...

AI score 5.8
Exploits: 0
Chainguard
added 2026/05/07 1:17 a.m., 9 views

CVE-2026-41413 vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr...

CVSS 7.7, AI score 5.8, EPSS 0.00027
Exploits: 0
CNNVD
added 2026/05/07 12:00 a.m., 4 views

Istio Code Issue Vulnerability

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

CVSS 7.7, AI score 5.9, EPSS 0.00027
Exploits: 0, References: 1
Wolfi
added 2026/05/06 7:48 p.m., 9 views

CVE-2026-41413 vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr...

CVSS 7.7, AI score 5.8, EPSS 0.00027
Exploits: 0
RedHat Linux
added 2026/04/29 12:20 p.m., 3 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.15

Red Hat OpenShift Service Mesh 2.6.15. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

CVSS 9.8, AI score 7.4, EPSS 0.00044
Exploits: 0, References: 12
RedHat Linux
added 2026/04/21 5:12 p.m., 6 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.10

Red Hat OpenShift Service Mesh 3.0.10. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

CVSS 9.8, AI score 7.8, EPSS 0.00063
Exploits: 1, References: 10
Chainguard
added 2026/04/18 1:17 p.m., 3 views

CVE-2026-39350 vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr-fips, cert-manager-istio-csr...

CVSS 5.4, AI score 5.8, EPSS 0.00011
Exploits: 0
Chainguard
added 2026/04/18 1:17 p.m., 3 views

GHSA-9GCG-W975-3RJH vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr-fips, cert-manager-istio-csr...

AI score 5.8
Exploits: 0