{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T16:31:51.017","vulnerabilities":[{"cve":{"id":"CVE-2026-31837","sourceIdentifier":"security-advisories@github.com","published":"2026-03-10T22:16:21.720","lastModified":"2026-03-18T18:59:40.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8."},{"lang":"es","value":"Istio es una plataforma abierta para conectar, gestionar y proteger microservicios. Antes de 1.29.1, 1.28.5 y 1.27.8, un usuario de Istio se ve afectado si el resolvedor JWKS deja de estar disponible o la obtención falla, exponiendo valores predeterminados codificados independientemente del uso del recurso RequestAuthentication. Esta vulnerabilidad está corregida en 1.29.1, 1.28.5 y 1.27.8."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*","versionEndExcluding":"1.27.8","matchCriteriaId":"DE1D1FE4-AFED-401D-9806-64A2BCD3E4B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*","versionStartIncluding":"1.28.0","versionEndExcluding":"1.28.5","matchCriteriaId":"B739C51C-21B8-4697-90E0-89D74035D191"},{"vulnerable":true,"criteria":"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*","versionStartIncluding":"1.29.0","versionEndExcluding":"1.29.1","matchCriteriaId":"4E81CE4C-D040-4F85-AAFE-4CEA4906E14A"}]}]}],"references":[{"url":"https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}