Nixpkgs security tracker

Untriaged

Permalink CVE-2026-23766

4.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 3 months ago

Istio through 1.28.2 allows iptables rule injection for changing firewall …

Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability (pod creators can already exclude sidecar injection entirely)."

References

Affected products

Istio

=<1.28.2

Matching in nixpkgs

pkgs.istioctl

Istio configuration command line utility for service operators to debug and diagnose their Istio mesh

nixos-unstable 1.26.3
- nixpkgs-unstable 1.26.3
- nixos-unstable-small 1.26.3
nixos-25.11 1.28.0
- nixpkgs-25.11-darwin 1.28.0

Package maintainers

@ryan4yin Ryan Yin <xiaoyin_c@qq.com>
@bryanasdev000 Bryan Albuquerque <bryanasdev000@gmail.com>
@veehaitch Vincent Haupert <mail@vincent-haupert.de>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.istioctl

Package maintainers