istio
Security Risk Profile
35
/100
lowSecurity Risk Score
Comprehensive risk assessment based on 70 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from June 5, 2019 to present
70
Total CVEs
22
Critical+High
1
Exploited
10
Unpatched
Threat Assessment
Avg CVSS
7.6
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
10
Critical/High
Risk Level
35/100
low
⚠️ 1 Active Exploits⚡ 1 Zero-Days📈 2 in Last 30 Days
Severity Distribution
Critical
3High
19Medium
5Low
1Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
2Age Distribution
Common Weaknesses (CWE)
1
Null Pointer Dereference
3
2
SSRF
1
3
Infoleak
1
4
Input Validation
1
Most Affected Products
1. Istio Istio117
2. Apache Tomcat14
3. Microsoft Windows 1011
4. go/istio.io/istio9
5. redhat/Istio9
Recent Vulnerabilities
See more →EOL-istio-1.30
unknown
5/18/2026
CVE-2026-41413
CVSS 7.7high
Istio Vulnerable to SSRF via RequestAuthentication jwksUri
5/7/2026🔧 No Patch
CVE-2026-39350
CVSS 5.4medium
Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass
4/15/2026
CVE-2026-31838
CVSS 6.9EPSS 0%medium
Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access.
3/10/2026🔧 No Patch
CVE-2026-31837
CVSS 8.7EPSS 0%high
Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.
3/10/2026🔧 No Patch
EOL-istio-1.29
unknown
2/16/2026
EOL-istio-1.28
unknown
11/5/2025
EOL-istio-1.27
unknown
8/11/2025
EOL-istio-1.26
unknown
5/8/2025
EOL-istio-1.25
unknown
3/3/2025
Monitor istio in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.