2430117 – (CVE-2026-23766) CVE-2026-23766 istio: Istio: Firewall rule injection via annotation allows limited integrity impact

Bug 2430117 (CVE-2026-23766) - CVE-2026-23766 istio: Istio: Firewall rule injection via annotation allows limited integrity impact

Summary: CVE-2026-23766 istio: Istio: Firewall rule injection via annotation allows li...

Keywords:
Status:	NEW
Alias:	CVE-2026-23766
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-15 20:02 UTC by OSIDB Bzimport
Modified:	2026-02-18 08:28 UTC (History)
CC List:	67 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-15 20:02:00 UTC

Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability (pod creators can already exclude sidecar injection entirely)."

Note You need to log in before you can comment on or make changes to this bug.

alebedev
anjoseph
asoldano
bbaranow
bmaxwell
brian.stansberry
carogers
darran.lofthouse
dhanak
dosoudil
drosa
dschmidt
dsimansk
erezende
fdeutsch
gmalinko
haoli
hkataria
istudens
ivassile
iweiss
jajackso
janstey
jcammara
jkoehler
jmitchel
jneedle
jprabhak
kegrant
kingland
koliveir
kshier
kverlaen
lphiri
mabashia
manissin
mattdavi
matzew
mnovotny
mosmerov
msvehla
nwallace
oramraz
pberan
pbohmill
pbraun
pdelbell
pesilva
pjindal
pmackay
rstancel
rstepani
sausingh
shvarugh
simaishi
smaestri
smcdonal
smullick
stcannon
stirabos
teagle
tfister
thason
thavo
tom.jenkinson
wtam
yguenane