istio Summary

Latest vulnerabilities published by istio

JSON RSS CSV 🔔 Create Alert Trigger

15 April 2026

Authorization Policy Bypass in Istio by Mistaking Dots in Service Account Names
CVE-2026-39350
IstioIstio5.4MEDIUM

10 March 2026

Authorization Policy Bypass in Istio by Envoy RBAC Header Matching
CVE-2026-31838
IstioIstio6.9MEDIUM
JWKS Resolver Vulnerability in Istio by Istio
CVE-2026-31837
IstioIstio8.7HIGH

10 November 2022

Istio may allow identity impersonation if user has localhost access
CVE-2022-39388
IstioIstio7.6HIGH

13 October 2022

Istio vulnerable to denial of service attack due to Golang Regex Library
CVE-2022-39278
IstioIstio7.5HIGH

9 June 2022

Ill-formed headers may lead to unexpected behavior in Istio
CVE-2022-31045
IstioIstio7HIGH

10 March 2022

Unauthenticated control plane denial of service attack in Istio
CVE-2022-24726
IstioIstio7.5HIGH

22 February 2022

Unauthenticated control plane denial of service attack in Istio
CVE-2022-23635
IstioIstio7.5HIGH

19 January 2022

24 August 2021

29 June 2021

Remote Credentials Exposure in Istio Gateway and DestinationRule
CVE-2021-34824
IstioIstio👾🟡8.8HIGH

2 June 2021

Remote Access Vulnerability in Istio Gateway Configuration by Istio
CVE-2021-31921
IstioIstio9.8CRITICAL

27 May 2021

Remote Exploit in Istio's Authorization Policy Handling
CVE-2021-31920
IstioIstio6.5MEDIUM

29 January 2021

NULL Pointer Dereference Vulnerability in Istio Pilot by Istio
CVE-2019-25014
IstioIstio6.5MEDIUM

1 October 2020

AuthorizationPolicy Bypass in Istio 1.5 and 1.6 by Istio
CVE-2020-16844
IstioIstio6.8MEDIUM

16 September 2020

Access Control Weakness in Openshift Service Mesh Operator
CVE-2020-14306
Istio-operator Pr...Openshift-service-mesh...8.8HIGH

15 April 2020

Data Leak Vulnerability in Istio and Envoy from Google
CVE-2020-11767
IstioIstio3.1LOW

14 February 2020

Policy Bypass in Istio Proxy on Istio for Ingress Traffic
CVE-2020-8843
IstioIstio7.4HIGH

12 February 2020

Authentication Bypass in Istio Across Multiple Versions
CVE-2020-8595
IstioIstio7.3HIGH

12 November 2019

Denial of Service Vulnerability in Istio by Google Cloud
CVE-2019-18817
IstioIstio7.5HIGH

13 August 2019

Denial of Service Vulnerability in Istio API Management System
CVE-2019-14993
IstioIstio7.5HIGH

28 June 2019

Access Token Mismanagement in Istio by Google
CVE-2019-12995
IstioIstio7.5HIGH

5 June 2019

Incorrect Access Control in Istio 1.1.x Affecting the Istio Open Source Community
CVE-2019-12243
IstioIstio7.5HIGH