# istio.io/istio vulnerabilities
10 known vulnerabilities affecting istio.io/istio.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 4
Vulnerabilities
## CVE-2026-39350 [MEDIUM] CWE-185: Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots
Affected: ≥ 0.0.0-20241024090207-0bf27d49ba4b, < 0.0.0-20260403004500-692e460c342d. Date: 2026-04-16.
### Impact
The `serviceAccounts` and `notServiceAccounts` fields in AuthorizationPolicy incorrectly interpret dots (`.`) as a regular expression matcher. Because `.` is a valid character in a service account name, an `AuthorizationPolicy` ALLOW rule targeting SA e.g. `cert-manager.io` also matches `cert-manage
Sources: GHSA
## CVE-2022-31045 [MEDIUM] CWE-125: Ill-formed headers may lead to unexpected behavior in Istio
Affected: ≥ 0, < 1.12.18; ≥ 1.13.0, < 1.13.5 (+1 more). Date: 2022-06-10.
### Impact
Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing.
You are at most risk if you have an Istio ingress Gateway exposed to external traffic.
### Patches
1.12.8, 1.13.5, 1.14.1
### Workarounds
No.
### References
More details can be found in the [
Sources: GHSA, OSV
## CVE-2019-18817 [HIGH, CVSS 7.5] CWE-835: Istio vulnerable to denial of service
Affected: ≥ 1.3.0, < 1.3.5. Date: 2022-05-24.
Istio 1.3.x before 1.3.5 is vulnerable to denial of service because `continue_on_listener_filters_timeout` is set to True, a related issue to CVE-2019-18836.
Sources: GHSA, OSV
## CVE-2019-14993 [HIGH] CWE-185: Istio ReDoS Vulnerability
Affected: ≥ 0, < 1.1.13; ≥ 1.2.0, < 1.2.4. Date: 2022-05-24.
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.
Sources: GHSA, OSV
## CVE-2021-31920 [MEDIUM] CWE-863: Istio Authorization Bypass Vulnerability
Affected: ≥ 0, < 1.8.6; ≥ 1.9.0, < 1.9.5. Date: 2022-05-24.
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Sources: GHSA
## CVE-2022-23635 [HIGH] CWE-1284: Unauthenticated control plane denial of service attack in Istio
Affected: ≥ 1.13.0, < 1.13.1; ≥ 1.12.0, < 1.12.4 (+1 more). Date: 2022-02-23.
### Impact
The Istio control plane, `istiod`, is vulnerable to a request processing error: an attacker who sends a specially crafted message can crash the control plane. The affected endpoint is served over TLS on port 15012, but it does not require any authentication from the attacker.
For simple installations, Isti
Sources: GHSA, OSV
## CVE-2019-12243 [HIGH] CWE-284: Istio may not check inbound TCP connections against istio-policy
Affected: ≥ 1.1.0, < 1.1.7. Date: 2022-02-15.
Istio 1.1.x through 1.1.6 has Incorrect Access Control. When `disablePolicyChecks` is set to `false`, inbound TCP connections do not generate Check requests to istio-policy and external authorization is not applied.
This behavior is a result of a change to `istio/pilot/pkg/networking/plugin/mixer/mixer.go` in 1.1.
Sources: GHSA, OSV
## CVE-2020-16844 [MEDIUM] CWE-284: Authorization bypass in Istio
Affected: ≥ 1.5.0, < 1.5.9; ≥ 1.6.0, < 1.6.8. Date: 2022-02-15.
In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. `*-some-suffix`) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
### Specific Go Packages Affected
istio.io/istio/pilot/pkg/security/authz/model/matcher
Sources: GHSA, OSV
## CVE-2021-39155 [HIGH] CWE-178: Authorization Policy Bypass Due to Case Insensitive Host Comparison
Affected: ≥ 0, < 1.9.8; ≥ 1.10.0, < 1.10.4 (+1 more). Date: 2021-08-30.
### Impact
According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The Envoy proxy will route the request hostname in a case-insensitive way which means the author
Sources: GHSA, OSV
## CVE-2021-39156 [HIGH] CWE-706: Istio Fragments in Path May Lead to Authorization Policy Bypass
Affected: ≥ 0, < 1.9.8; ≥ 1.10.0, < 1.10.4 (+1 more). Date: 2021-08-30.
### Impact
Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass Istio’s URI path based authorization policies.
### Patches
* Istio 1.11.1 and above
* Istio 1.10.4 and above
* Istio 1.9.8 and above
### Workarounds
A Lua filter may be
Sources: GHSA, OSV