Red Hat Service Mesh
Recent Red Hat Service Mesh Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:3111 | (RHSA-2026:3111) Red Hat OpenShift Service Mesh 3.2.2 | February 23, 2026 |
| RHSA-2026:3109 | (RHSA-2026:3109) Kiali 2.17.4 for Red Hat OpenShift Service Mesh 3.2 | February 23, 2026 |
| RHSA-2026:3108 | (RHSA-2026:3108) Red Hat OpenShift Service Mesh 3.1.5 | February 23, 2026 |
| RHSA-2026:3107 | (RHSA-2026:3107) Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6 | February 23, 2026 |
| RHSA-2026:3106 | (RHSA-2026:3106) Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0 | February 23, 2026 |
| RHSA-2026:3105 | (RHSA-2026:3105) Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1 | February 23, 2026 |
| RHSA-2026:3104 | (RHSA-2026:3104) Red Hat OpenShift Service Mesh 3.0.8 | February 23, 2026 |
| RHSA-2026:2149 | (RHSA-2026:2149) Kiali 2.17.3 for Red Hat OpenShift Service Mesh 3.2 | February 5, 2026 |
| RHSA-2026:2148 | (RHSA-2026:2148) Kiali 2.11.6 for Red Hat OpenShift Service Mesh 3.1 | February 5, 2026 |
| RHSA-2026:2147 | (RHSA-2026:2147) Kiali 2.4.12 for Red Hat OpenShift Service Mesh 3.0 | February 5, 2026 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Service Mesh. Last year, in 2025, Service Mesh had 5 security vulnerabilities published. Right now, Service Mesh is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 5.24 |
It may take a day or so for new Service Mesh vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Service Mesh Security Vulnerabilities
Supabase Live Query Bypass Lets Guest Users Access Unauthorized Data
CVE-2025-11060 | 5.7 - Medium | Published September 26, 2025
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records.
Weakness: AuthZ
CIRCL FourQ RCE via Low-Order Point Injection in Diffie-Hellman
CVE-2025-8556 | 3.7 - Low | Published August 06, 2025
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Weakness: Improper Verification of Cryptographic Signature
serialize-javascript XSS via unsanitized regex input
CVE-2024-11831 | 5.4 - Medium | Published February 10, 2025
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Weakness: XSS
OpenShift Service Mesh 2.6.3/2.5.6: Envoy Header Sanitization Bypass, DDoS & Replay
CVE-2025-0752 | 7.1 - High | Published January 28, 2025
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
Weakness: HTTP Request Smuggling
OpenShift Service Mesh 2.6.3 Log Injection via x-forwarded-for Header
CVE-2025-0754 | 4.3 - Medium | Published January 28, 2025
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to log injection and spoofing attacks. Such injections can mislead logging mechanisms, enabling attackers to manipulate log entries or execute reflected cross-site scripting (XSS) attacks.
Weakness: Improper Output Neutralization for Logs