HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-41413 — Istio is an open platform to connect, manage, and secure microservices. Prior to...

·Source: NIST NVD

Updated:

Executive Summary

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS confi

Analysis

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS configuration. This issue has been patched in versions 1.28.6 and 1.29.2. CVSS Score: 5. Published: 2026-05-07T06:16:04.730.

Indicators of Compromise (1)

CVE (1)
CVE-2026-41413
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)

.. if “unproxyable” is a word that is ..

SANS ISC
MEDIUMVulnerability

Palm payments startup Five ID raises $6 million

Five ID, a London-based startup founded by two former Revoluters, has raised $6 million to support the launch of its palm-based biometric payment system.

Finextra
MEDIUMVulnerability

BaFin preps IT spotlight inspections amidst growing AI cybersecurity risks

German financial regulator BaFin is setting up a division to carry out targeted inspections at firms as it seeks to ward of the threat of AI-enabled cyber attacks on the sector.

Finextra