Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS configuration. This issue has been patched in versions 1.28.6 and 1.29.2.
AnalysisAI
Istio versions prior to 1.28.6 and 1.29.2 allow authenticated attackers to perform Server-Side Request Forgery (SSRF) attacks via RequestAuthentication resources with malicious jwksUri values pointing to internal services, enabling istiod to fetch sensitive data from localhost or link-local IPs and distribute it to Envoy proxies through xDS configuration. The vulnerability requires an authenticated user to create or modify a RequestAuthentication resource, limiting the attack surface to cluster administrators or users with API access. A partial mitigation was released in earlier versions (1.29.1, 1.28.5, 1.27.8) but was incomplete; the complete fix is in versions 1.28.6 and 1.29.2.
Technical ContextAI
Istio is a service mesh control plane that uses RequestAuthentication resources to configure JWT validation policies. When a RequestAuthentication resource specifies a jwksUri (JSON Web Key Set URI), istiod's control plane fetches the public keys from that URI via unauthenticated HTTP GET to validate JWT tokens at runtime. The vulnerability stems from CWE-918 (Server-Side Request Forgery), where istiod fails to validate and filter the jwksUri destination, allowing it to access restricted internal addresses including localhost (127.0.0.0/8) and IPv6 link-local addresses (fe80::/10). Once fetched, this potentially sensitive data gets embedded in xDS (Envoy Discovery Service) configuration messages that are distributed to all Envoy sidecar proxies in the cluster, effectively leaking internal service responses to multiple nodes. The affected component is the istiod control plane daemon responsible for certificate and configuration management across the Istio mesh.
RemediationAI
Upgrade Istio to version 1.28.6, 1.29.2, or later immediately. For organizations unable to upgrade immediately, a ValidatingAdmissionPolicy can be deployed to Kubernetes to prevent the creation of RequestAuthentication resources with jwksUri values pointing to restricted address ranges including localhost (127.0.0.0/8), IPv4 link-local (169.254.0.0/16), IPv6 localhost (::1/128), and IPv6 link-local (fe80::/10). This workaround requires Kubernetes 1.26+ and the ValidatingAdmissionPolicy feature gate enabled, and it adds latency to RequestAuthentication resource creation but has no impact on data plane performance. The partial mitigation available in versions 1.27.8, 1.28.5, and 1.29.1 should NOT be considered sufficient and should be upgraded past as soon as possible; these versions contain incomplete fixes that may still allow exploitation through undocumented code paths. Apply the remediation in this order: first deploy the ValidatingAdmissionPolicy as an immediate brake on new vulnerable resources, then schedule and execute the Istio control plane upgrade to a patched version during a maintenance window.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28315