istio.io/istio (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package istio.io/istio, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2021-39155 — CVSS 8.3 (high): Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce…
CVE-2021-39156 — CVSS 8.1 (high): Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce…
CVE-2019-18817 — CVSS 7.5 (high): Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to…
CVE-2019-14993 — CVSS 7.5 (high): Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the…
CVE-2022-23635 — CVSS 7.5 (high): Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is…
CVE-2022-31045 — CVSS 7.0 (high): Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain…
CVE-2020-16844 — CVSS 6.8 (medium): In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using…
CVE-2026-39350 — CVSS 5.4 (medium): Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0…
CVE-2026-41413 — CVSS 5.0 (medium): Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication…