Auth bypass in Istio

CVE-2026-31838

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may…

Vulnerability class: Broken Access Control

EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.

Affected products

Istio — versions >= 1.29.0-alpha.0, < 1.29.1, >= 1.28.0-alpha.0, < 1.28.5, < 1.27.8

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

https://github.com/istio/istio/security/advisories/GHSA-974c-2wxh-g4ww (x_refsource_CONFIRM)
https://github.com/istio/istio/commit/004fd6921314a8e2293fd195d91645dcbbff0aa1 (x_refsource_MISC)