16 matches found

NVD
added 2026/05/07 6:16 a.m., 11 views

CVE-2026-41413

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

7.7 CVSS, 0.00031 EPSS
Exploits 0, References 3
Cvelist
added 2026/05/07 4:18 a.m., 34 views

CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5 CVSS, 0.00031 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/05/07 4:18 a.m., 5 views

CVE-2026-41413

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5 CVSS, 5.7 AI score, 0.00031 EPSS
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/05/07 4:18 a.m., 8 views

EUVD-2026-28315

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5 CVSS, 5.7 AI score, 0.00031 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/07 12:0 a.m., 5 views

Istio code issue vulnerability

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7 CVSS, 5.9 AI score, 0.00031 EPSS
Exploits 0, References 1
EUVD
added 2026/03/10 9:58 p.m., 1 views

EUVD-2026-10939

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

6.9 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/03/10 9:57 p.m., 4 views

CVE-2026-31837

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

8.7 CVSS, 5.8 AI score, 0.00072 EPSS
Exploits 0, References 2, Affected Software 1
CNNVD
added 2026/03/10 12:0 a.m., 3 views

Istio information disclosure vulnerability

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.29.1, 1.28.5, and 1.27.8 have a vulnerability related to information leakage. This vulnerability arises from the JWKS resolver being unavailable or failing to retrieve values, exposin...

8.7 CVSS, 7.3 AI score, 0.00072 EPSS
Exploits 0, References 1
Cvelist
added 2026/01/15 7:18 p.m., 16 views

CVE-2026-23766

...

0.00036 EPSS
Exploits 0
CNNVD
added 2026/01/15 12:0 a.m., 2 views

Istio parameter injection vulnerability

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.2 have a parameter injection vulnerability. This vulnerability stems from the ability to inject iptables rules through annotations, thereby changing the firewall’s behavior...

5.8 AI score, 0.00036 EPSS
Exploits 0, References 2
CNNVD
added 2022/11/10 12:0 a.m., 1 views

Istio security vulnerability

Istio is a set of open platforms for connecting, managing and securing microservices. A security vulnerability exists in branches from Istio versions 1.15.x through prior to 1.15.3, which stems from the fact that a user with local host access to the Istiod control plane can emulate any workload...

7.6 CVSS, 6 AI score, 0.00057 EPSS
Exploits 0, References 6
RedHat Linux
added 2021/08/25 9:37 a.m., 1 views

istio/istio: HTTP request with fragment in URI can bypass authorization mechanisms

An authorization bypass vulnerability was found in istio/istio. An HTTP request is incorrectly evaluated when a URI fragment is specified. This flaw allows an attacker to bypass an Istio URI-based authorization rule. The highest threat from this vulnerability is to confidentiality, integrity, as...

8.1 CVSS, 5.8 AI score, 0.00236 EPSS
Exploits 0, References 5
CNNVD
added 2021/08/24 12:0 a.m., 1 views

Istio security vulnerability

Istio is a set of open platforms for connecting, managing, and securing microservices. A security vulnerability exists in Istio that allows an attacker to bypass the Istio authorization policy for the use of hosts in rules, potentially gaining access to downstream services...

8.3 CVSS, 7.5 AI score, 0.00171 EPSS
Exploits 0, References 5
CNNVD
added 2021/06/25 12:0 a.m., 2 views

Istio permissions and access control issue vulnerability

Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to a privilege permission and access control issue that arises from an application that does not properly impose security restrictions. This vulnerability could allow an attacker to access...

8.8 CVSS, 7.9 AI score, 0.01837 EPSS
Exploits 0, References 6
CNVD
added 2020/04/15 12:0 a.m., 1 views

Envoy and Istio Information Disclosure Vulnerabilities

Envoy is an open source distributed proxy server. Istio is an open platform for connecting, managing and securing microservices. An information disclosure vulnerability exists in Istio 1.5.1 and earlier versions and Envoy 1.14.1 and earlier versions. An attacker can exploit the vulnerability to...

3.1 CVSS, 6.2 AI score, 0.00087 EPSS
Exploits 1
CNVD
added 2020/02/17 12:0 a.m., 2 views

Unspecified Vulnerability in Istio

Istio is a set of open platforms for connecting, managing and securing microservices. A security vulnerability exists in Istio versions 1.3 through 1.3.6. An attacker can exploit the vulnerability by encoding the source.uid in the x-istio-attributes header to bypass the configured Mixer policy...

7.4 CVSS, 6.8 AI score, 0.00214 EPSS
Exploits 0, References 1