Istio
cpe:2.3:a:istio:istio:*:*:*:*:*:*:*
- >= 1.29.0, < 1.29.1
- >= 1.28.0, < 1.28.5
- >= 0, < 1.27.8
Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 are affected by a flaw in how Envoy's Role-Based Access Control (RBAC) filter matches HTTP headers. Authorization policies whose decision depends on a header that can carry more than one value (for example, an AuthorizationPolicy `when` condition on `request.headers[...]`) can be bypassed: by sending a request in which that header carries multiple values, an attacker can influence how Envoy evaluates the header match and evade the check. Unauthorized requests can then reach services that such a policy was meant to protect. The bypass applies only to rules that match on request headers; it does not affect rules that do not use header matching.
The impact is unauthorized access to services that are protected by header-based authorization rules: requests that the policy should have rejected reach the protected workload.
Upgrade to Istio 1.29.1, 1.28.5, or 1.27.8 (the first fixed release on each supported line). Until the upgrade is in place, inventory the AuthorizationPolicy rules that match on request headers, since those are the rules this issue can bypass.
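The two checks a practitioner wants from this advisory are "is my control plane on a fixed release?" and "which of my policies actually depend on header matching?". The script below is an added example, not code from the advisory or from the Istio project: `is_fixed` encodes the fixed versions named above (it assumes later minor lines carry the fix forward, which the advisory does not state), and `header_dependent_rules` walks an AuthorizationPolicy in the JSON form that `kubectl get authorizationpolicy -o json` returns and reports every rule with a `when` condition on `request.headers[...]`. The sample policies are constructed for the example.

```python
"""Added example (not from the advisory or the Istio project).

Checks an Istio version against the fixed releases named in the advisory
and flags AuthorizationPolicy rules whose effect depends on HTTP header
matching, which are the rules this issue can bypass until the upgrade lands.
"""
import re
from typing import Iterable

# First fixed release on each line, as stated in the advisory.
FIXED = {(1, 27): (1, 27, 8), (1, 28): (1, 28, 5), (1, 29): (1, 29, 1)}


def parse_version(v: str) -> tuple:
    """Parse '1.28.4', 'v1.29.0' or '1.27.7-distroless' into (major, minor, patch)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Istio version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version: str) -> bool:
    """True if `version` is at or beyond the first fixed release of its line.

    Lines older than 1.27 have no fixed release in the advisory, so they are
    reported as not fixed. Lines newer than 1.29 are assumed (not stated in
    the advisory) to include the fix.
    """
    major, minor, patch = parse_version(version)
    if (major, minor) in FIXED:
        return (major, minor, patch) >= FIXED[(major, minor)]
    return (major, minor) > (1, 29)


# Istio's attribute syntax for header conditions: request.headers[<name>]
HEADER_KEY = re.compile(r"^request\.headers\[([^\]]+)\]$")


def header_dependent_rules(policy: dict) -> list:
    """One finding per rule whose `when` clause matches on a request header."""
    findings = []
    meta = policy.get("metadata", {})
    spec = policy.get("spec", {})
    for idx, rule in enumerate(spec.get("rules") or []):
        for cond in rule.get("when") or []:
            m = HEADER_KEY.match(cond.get("key", ""))
            if m:
                findings.append({
                    "policy": f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}",
                    "action": spec.get("action", "ALLOW"),  # ALLOW is the default action
                    "rule": idx,
                    "header": m.group(1).lower(),  # header names are case-insensitive
                    "values": list(cond.get("values") or []),
                    "notValues": list(cond.get("notValues") or []),
                })
    return findings


def audit(policies: Iterable) -> list:
    """Run header_dependent_rules over every policy and collect the findings."""
    out = []
    for p in policies:
        out.extend(header_dependent_rules(p))
    return out


# Constructed sample policies for the example (same shape as kubectl -o json).
SAMPLE_POLICIES = [
    {"apiVersion": "security.istio.io/v1", "kind": "AuthorizationPolicy",
     "metadata": {"name": "admin-by-header", "namespace": "shop"},
     "spec": {"action": "ALLOW",
              "rules": [{"when": [{"key": "request.headers[x-role]",
                                   "values": ["admin"]}]}]}},
    {"apiVersion": "security.istio.io/v1", "kind": "AuthorizationPolicy",
     "metadata": {"name": "block-legacy-clients", "namespace": "shop"},
     "spec": {"action": "DENY",
              "rules": [{"when": [{"key": "request.headers[User-Agent]",
                                   "notValues": ["shop-client/*"]}]}]}},
    {"apiVersion": "security.istio.io/v1", "kind": "AuthorizationPolicy",
     "metadata": {"name": "frontend-only", "namespace": "shop"},
     "spec": {"rules": [{"from": [{"source": {"principals":
                                   ["cluster.local/ns/shop/sa/frontend"]}}]}]}},
]

if __name__ == "__main__":
    for v in ("1.27.7", "1.28.5", "1.29.0"):
        print(v, "fixed" if is_fixed(v) else "VULNERABLE")
    for f in audit(SAMPLE_POLICIES):
        print(f"{f['policy']} rule {f['rule']} ({f['action']}) matches header "
              f"{f['header']!r}: values={f['values']} notValues={f['notValues']}")
```

Only the first two sample policies are reported: `frontend-only` authorizes by mTLS principal and has no header condition, so this issue does not apply to it. Feed the script real policies by dumping them with `kubectl get authorizationpolicy -A -o json` and passing the `items` list to `audit`.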