HIGH🇬🇧 English

CVE-2026-31837

CVSS 8.7v4.0pub. 2026-03-10upd. 2026-06-30

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Istio

    APP
    Istio
    < 1.27.81.28.0 – 1.28.5 (bez)1.29.0 – 1.29.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-31921CRITICAL9.8ten sam produkt

Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external clie...

CVE-2022-39388HIGH7.6ten sam produkt

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior...

CVE-2022-39278HIGH7.5ten sam produkt

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and t...

CVE-2022-31045HIGH7.0ten sam produkt

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed header...

CVE-2022-24726HIGH7.5ten sam produkt

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control...