CVE-2026-41413

Source
https://cve.org/CVERecord?id=CVE-2026-41413
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41413.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41413
Aliases
Related
Published
2026-05-07T04:18:32.040Z
Modified
2026-07-08T08:13:13.238891233Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
Summary
Istio Vulnerable to SSRF via RequestAuthentication jwksUri
Details

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS configuration. This issue has been patched in versions 1.28.6 and 1.29.2.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41413.json"
}
References

Affected packages

Git / github.com/istio/istio

Affected ranges

Type
GIT
Repo
https://github.com/istio/istio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.28.6"
        },
        {
            "introduced": "1.29.0"
        },
        {
            "fixed": "1.29.2"
        }
    ],
    "cpe": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.3.0
0.5.0
0.6.0
1.*
1.0.0-snapshot.0
1.1.0-snapshot.2
1.1.0.snapshot.0
1.1.0.snapshot.1
1.12.0-alpha.0
1.12.0-alpha.1
1.12.0-alpha.5
1.18.0-alpha.0
1.19.0-alpha.0
1.19.0-alpha.1
1.2.0-rc.0
1.2.0-rc.3
1.22.0-alpha.1
1.23.0-alpha.0
1.24.0-alpha.0
1.25.0-alpha.0
1.26.0-alpha.0
1.28.0
1.28.0-alpha.0
1.28.0-beta.0
1.28.0-beta.1
1.28.0-rc.0
1.28.0-rc.1
1.28.2
1.28.3
1.28.4
1.29.0
1.29.0-rc.3
1.5.0-alpha.0
1.5.0-beta.1
1.5.0-beta.2
1.6.0-alpha.0
1.6.0-alpha.1
1.6.0-alpha.2
1.7.0-alpha.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41413.json"