PT-2026-24488 · Istio · Istio
1Seal · Published 2026-03-10 · Updated 2026-04-01
CVE-2026-31837
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Istio versions prior to 1.29.1
Istio versions prior to 1.28.5
Istio versions prior to 1.27.8
Description
Istio is a platform designed for connecting, managing, and securing microservices. If the JWKS resolver becomes unavailable or a fetch operation fails, hardcoded defaults are exposed, irrespective of the RequestAuthentication resource configuration. This impacts Istio users.
Recommendations
Update to Istio version 1.29.1 or later.
Update to Istio version 1.28.5 or later.
Update to Istio version 1.27.8 or later.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Istio