Istio JWKS Resolver Failure Leading to Exposure of Hardcoded Default Keys Vulnerability

Vulnerability

A vulnerability exists in Istio versions prior to 1.29.1, 1.28.5, and 1.27.8: when the JWKS resolver fails, because the resolver is unavailable or the key fetch does not succeed, hardcoded default keys can be exposed. The issue occurs regardless of whether a RequestAuthentication resource is in use, so users are exposed whenever the JWKS resolver becomes unavailable or the key fetch fails.

Impact

Exploitation of this vulnerability can result in the unintended exposure of hardcoded default keys, which could be misused in authentication processes.

Remediation

Users can upgrade to Istio versions 1.29.1, 1.28.5, or 1.27.8 to address this vulnerability.
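The following script is an added example, not part of this advisory or of the Istio project, that checks whether installed control-plane and data-plane versions fall inside the affected range stated above. It encodes the three fixed releases from the advisory; versions on branches older than 1.27 are treated as affected because no fixed release is listed for them, and versions on branches newer than 1.29 are assumed to carry the fix (an assumption, not a statement from the advisory). The JSON layout it walks is modelled on `istioctl version -o json` output, but the document is constructed here and the walker only keys on field names containing "version", so it tolerates layout differences.

```python
"""Flag Istio versions affected by the JWKS-resolver default-key advisory.

Added example: fixed versions come from the advisory text; the JSON sample
below is constructed and the istioctl output layout is an assumption.
"""
import json
import re

# Fixed release per branch, as listed in the advisory.
FIXED = {
    (1, 29): (1, 29, 1),
    (1, 28): (1, 28, 5),
    (1, 27): (1, 27, 8),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '1.28.4' or 'v1.28.4-distroless'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no major.minor.patch version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """Return True when the version is one the advisory describes as vulnerable."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # No fixed release is listed for branches older than 1.27, so treat them as
    # affected. Branches newer than 1.29 are assumed to include the fix (assumption).
    return branch < (1, 27)


def scan_istioctl_output(json_text):
    """Walk a JSON document and return [(path, version_string, affected)] for every
    string value whose key name contains 'version' (case-insensitive).

    The structure is assumed to resemble `istioctl version -o json`; keying on field
    names rather than fixed paths keeps the scan robust to layout differences.
    """
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, val in node.items():
                walk(val, path + [key])
        elif isinstance(node, list):
            for i, val in enumerate(node):
                walk(val, path + [str(i)])
        elif isinstance(node, str) and path and "version" in path[-1].lower():
            if _VERSION_RE.search(node):
                findings.append(("/".join(path), node, is_affected(node)))

    walk(json.loads(json_text), [])
    return findings


# Constructed sample: a patched client, an unpatched control plane, one unpatched
# and one patched sidecar. Not captured from a real cluster.
SAMPLE = json.dumps({
    "clientVersion": {"version": "1.29.1"},
    "meshVersion": [{"Component": "pilot", "Info": {"version": "1.28.4"}}],
    "dataPlaneVersion": [
        {"ID": "productpage-v1-abc.default", "IstioVersion": "1.28.4"},
        {"ID": "reviews-v2-def.default", "IstioVersion": "1.27.8"},
    ],
})


if __name__ == "__main__":
    # Pipe real output in with: istioctl version -o json | python3 this_script.py
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for path, ver, affected in scan_istioctl_output(text):
        print(f"{'AFFECTED' if affected else 'ok      '}  {ver:<12} {path}")
```

Run against the constructed sample, the mesh control plane and the first sidecar are reported as affected while the client and the second sidecar are not; the exit status is left to the caller so the script can be dropped into an existing pre-upgrade check.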

Added: Mar 10, 2026, 10:17 PM
Updated: Mar 10, 2026, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread          4.5
impact          5.0
exploitability  4.5
remediation     7.7
relevance       3.7
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.