HIGH🇵🇱 Wersja polska

CVE-2026-31837

CVSS 8.7v4.0pub. 2026-03-10upd. 2026-06-30

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Istio

    APP
    Istio
    < 1.27.81.28.0 – 1.28.5 (bez)1.29.0 – 1.29.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-31921CRITICAL9.8ten sam produkt

Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external clie...

CVE-2022-39388HIGH7.6ten sam produkt

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior...

CVE-2022-39278HIGH7.5ten sam produkt

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and t...

CVE-2022-31045HIGH7.0ten sam produkt

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed header...

CVE-2022-24726HIGH7.5ten sam produkt

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control...