Information disclosure in Istio

CVE-2026-31837

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of…

Vulnerability class: Information Disclosure

EPSS: 0.001 (22.0th percentile) — read the EPSS interpretation.

Affected products

Istio — versions >= 1.29.0-alpha.0, < 1.29.1, >= 1.28.0-alpha.0, < 1.28.5, < 1.27.8

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c (x_refsource_CONFIRM)