Zurück zur CVE-Übersicht
CVE-2026-31837
HIGH(7.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Risk Signal Score19/100 — NIEDRIG
- CVSS 7.5 — Hoch
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.5
Technische Schwere
Beschreibung
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.
Referenzen
- https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c
- https://access.redhat.com/errata/RHSA-2026:10184
- https://access.redhat.com/errata/RHSA-2026:5948
- https://access.redhat.com/errata/RHSA-2026:5950
- https://access.redhat.com/errata/RHSA-2026:5952
- https://access.redhat.com/security/cve/CVE-2026-31837
- https://bugzilla.redhat.com/show_bug.cgi?id=2446344
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31837.json