CVE-2026-31838

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-31838
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31838.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31838
Aliases
  • GHSA-974c-2wxh-g4ww
Downstream
Published
2026-03-10T21:58:53.354Z
Modified
2026-03-13T11:36:43.918176Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N CVSS Calculator
Summary
Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access.
Details

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests with multiple header values in a way that causes Envoy to evaluate the header differently than intended, potentially bypassing authorization checks. This may allow unauthorized requests to reach protected services when policies depend on such header-based matching conditions. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.

Database specific 
{
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31838.json"
}
References

Affected packages

Git / github.com/istio/istio

Affected ranges

Type
GIT
Repo
https://github.com/istio/istio
Events
Introduced
8e673fa60bc4ca5e6fbc2bf2a1553ad3446ff32d
Fixed
6991a379e1fcfbe21e64da2eda5d56624a5547b4
Database specific 
{
    "versions": [
        {
            "introduced": "1.29.0-alpha.0"
        },
        {
            "fixed": "1.29.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/istio/istio
Events
Introduced
6000d6f4713c022c017f95d2ab8f54aa10b620e3
Fixed
7da6662175184479cb9281f3d814d6994bf1009f
Database specific 
{
    "versions": [
        {
            "introduced": "1.28.0-alpha.0"
        },
        {
            "fixed": "1.28.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/istio/istio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4aee98e195c1af3f5e9385c637050db22d8c41d8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.27.8"
        }
    ]
}

Affected versions

0.*
0.3.0
0.5.0
0.6.0
1.*
1.0.0
1.0.0-snapshot.0
1.0.0-snapshot.1
1.0.0-snapshot.2
1.1.0
1.1.0-rc.0
1.1.0-rc.1
1.1.0-rc.2
1.1.0-rc.3
1.1.0-rc.4
1.1.0-rc.5
1.1.0-rc.6
1.1.0-snapshot.2
1.1.0-snapshot.3
1.1.0-snapshot.4
1.1.0-snapshot.5
1.1.0-snapshot.6
1.1.0.snapshot.0
1.1.0.snapshot.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.12.0-alpha.0
1.12.0-alpha.1
1.12.0-alpha.5
1.18.0-alpha.0
1.19.0-alpha.0
1.19.0-alpha.1
1.2.0-rc.0
1.2.0-rc.3
1.22.0-alpha.1
1.23.0-alpha.0
1.24.0-alpha.0
1.25.0-alpha.0
1.26.0-alpha.0
1.27.0
1.27.0-beta.0
1.27.0-rc.0
1.27.1
1.27.2
1.27.3
1.27.5
1.27.6
1.27.7
1.28.0
1.28.0-alpha.0
1.28.0-beta.0
1.28.0-beta.1
1.28.0-rc.0
1.28.0-rc.1
1.28.2
1.28.3
1.28.4
1.5.0-alpha.0
1.5.0-beta.1
1.5.0-beta.2
1.6.0-alpha.0
1.6.0-alpha.1
1.6.0-alpha.2
1.7.0-alpha.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31838.json"