Istio

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-31837 HIGH This Week

Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 fall back to hardcoded default JWKS values when the resolver becomes unavailable or fails to fetch, potentially allowing attackers to bypass authentication controls configured via RequestAuthentication policies. This flaw exposes sensitive information and could enable unauthorized access to microservices when JWKS endpoints are unreachable. No patch is currently available for affected deployments.

Information Disclosure Istio

NVD GitHub VulDB

CVSS 3.1

7.5

EPSS

0.1%

CVE-2026-31837

EPSS 0% CVSS 7.5

HIGH This Week

Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 fall back to hardcoded default JWKS values when the resolver becomes unavailable or fails to fetch, potentially allowing attackers to bypass authentication controls configured via RequestAuthentication policies. This flaw exposes sensitive information and could enable unauthorized access to microservices when JWKS endpoints are unreachable. No patch is currently available for affected deployments.

Information Disclosure Istio

NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy