PT-2026-33182

Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is...

CVE-2026-31837

CVE-2026-31837 affects Istio prior to versions 1.29.1, 1.28.5, and 1.27.8. If the JWKS resolver becomes unavailable or a fetch fails, a user is exposed to hardcoded defaults regardless of the use of the RequestAuthentication resource. This can impact confidentiality and system behavior as default...

PT-2026-24488

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

EUVD-2021-1754

Malware in sbrugna...

EUVD-2022-26894

Malicious code in bioql PyPI...

EUVD-2022-26891

Malicious code in bioql PyPI...

EUVD-2022-7256

Malicious code in bioql PyPI...

CVE-2021-39155

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...

Path traversal

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...