Product: istio
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version, with the CVSS base score and severity rating for each CVE.
| CVE | Affected versions | CVSS | Severity | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-41413 | < 1.28.6 | 5.0 | MEDIUM | Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthent |
| CVE-2026-39350 | >= 1.25.0 and < 1.27.9 | 5.4 | MEDIUM | Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, |
| CVE-2026-31838 | < 1.27.8 | 5.3 | MEDIUM | Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in En |
| CVE-2026-31837 | < 1.27.8 | 7.5 | HIGH | Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is im |
| CVE-2023-44487 | < 1.17.6 | 7.5 | HIGH | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q |
| CVE-2022-39388 | >= 1.15.0 and <= 1.15.2 | 7.6 | HIGH | Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user c |
| CVE-2022-39278 | < 1.13.9 | 7.5 | HIGH | Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. |
| CVE-2022-31045 | < 1.12.8 | 7.0 | HIGH | Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in c |
| CVE-2022-24726 | < 1.11.8 | 7.5 | HIGH | Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is v |
| CVE-2022-23635 | < 1.11.7 | 7.5 | HIGH | Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is |
| CVE-2022-21701 | all versions | 5.0 | MEDIUM | Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a pri |
| CVE-2022-21679 | all versions | 6.8 | MEDIUM | Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 the authorization policy with h |
| CVE-2021-39156 | < 1.9.8 | 8.1 | HIGH | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, |
| CVE-2021-39155 | < 1.9.8 | 8.3 | HIGH | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, |
| CVE-2021-34824 | >= 1.8.0 and < 1.9.6 | 8.8 | HIGH | Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gate |
| CVE-2021-31921 | < 1.8.6 | 9.8 | CRITICAL | Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpe |
| CVE-2021-31920 | < 1.8.6 | 6.5 | MEDIUM | Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashe |
| CVE-2019-25014 | <= 1.4.9 | 6.5 | MEDIUM | A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a p |
| CVE-2020-16844 | >= 1.5.0 and <= 1.5.8 | 6.8 | MEDIUM | In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions us |
| CVE-2020-10739 | >= 1.4.0 and < 1.4.9 | 7.5 | HIGH | Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending |
| CVE-2020-11767 | <= 1.5.1 | 3.1 | LOW | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) |
| CVE-2020-8843 | >= 1.3.0 and <= 1.3.6 | 7.4 | HIGH | An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configure |
| CVE-2020-8595 | >= 1.3 and <= 1.3.7 | 7.3 | HIGH | Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allow authentication bypass. The Authenti |
| CVE-2019-18817 | >= 1.3 and < 1.3.5 | 7.5 | HIGH | Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to |
| CVE-2019-18836 | >= 1.3.0 and <= 1.3.3 | 7.5 | HIGH | Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being ab |
| CVE-2019-14993 | < 1.1.13 | 7.5 | HIGH | Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use |
| CVE-2019-12995 | < 1.2.2 | 7.5 | HIGH | Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a |
| CVE-2019-12243 | >= 1.1 and <= 1.1.6 | 7.5 | HIGH | Istio 1.1.x through 1.1.6 has Incorrect Access Control. |