PT-2026-3101 · Istio · Istio
Petrmc · Published 2026-01-15 · Updated 2026-01-16
CVE-2026-23766
CVSS v3.1
4.1
Medium
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Istio versions through 1.28.2
Description
Istio versions through 1.28.2 permit the injection of iptables rules, potentially altering firewall behavior. This is achieved through the traffic.sidecar.istio.io/excludeInterfaces annotation. The reporter notes that this may not represent a security issue, as pod creators can already prevent sidecar injection.
Recommendations
Versions prior to 1.28.3 are affected.
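A defensive check for the annotation named in the description, as an added example that is not part of this advisory or of Istio's code: it flags annotation values whose entries are not plain interface names, the kind of pre-admission or audit check that can run on clusters still on an affected version. It assumes the value is a comma-separated list of interface names; the allowlist pattern, the function name and the sample pods are this example's own.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Annotation named in the advisory.
const excludeInterfacesAnnotation = "traffic.sidecar.istio.io/excludeInterfaces"

// Conservative allowlist (an assumption of this example, not Istio's rule):
// 1 to 15 characters, starting with an alphanumeric so an entry can never
// be read as an option, and containing no whitespace or separators.
var ifaceName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.@-]{0,14}$`)

// CheckExcludeInterfaces returns the entries of the annotation value that
// are not plain interface names. A missing annotation yields nil.
// Entries are deliberately not trimmed: embedded whitespace is a rejection.
func CheckExcludeInterfaces(annotations map[string]string) []string {
	raw, ok := annotations[excludeInterfacesAnnotation]
	if !ok {
		return nil
	}
	var rejected []string
	for _, entry := range strings.Split(raw, ",") {
		if !ifaceName.MatchString(entry) {
			rejected = append(rejected, entry)
		}
	}
	return rejected
}

func main() {
	// Constructed sample pods; names and values are illustrative only.
	pods := []struct {
		name        string
		annotations map[string]string
	}{
		{"plain", map[string]string{excludeInterfacesAnnotation: "eth1,net1"}},
		{"suspect", map[string]string{excludeInterfacesAnnotation: "net1 --some-option value"}},
		{"no-annotation", map[string]string{}},
	}
	for _, p := range pods {
		if bad := CheckExcludeInterfaces(p.annotations); len(bad) > 0 {
			fmt.Printf("pod %s: rejected entries %q\n", p.name, bad)
		}
	}
}
```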
Fix
Argument Injection
Weakness Enumeration
Related Identifiers
Affected Products
Istio