Announcing Istio 1.29.1

Istio 1.29.1 patch release.

Mar 10, 2026

This release contains security fixes. This release note describes what’s different between Istio 1.29.0 and 1.29.1.

Things to know and prepare before upgrading.

Download and install this release.

Visit the documentation for this release.

Inspect the full set of source code changes.

Security update

For more information, see ISTIO-SECURITY-2026-001.

CVE-2026-26308 (CVSS score 7.5, High): Fix multivalue header bypass in RBAC.
CVE-2026-26311 (CVSS score 5.9, Medium): HTTP decode methods blocked after downstream reset.
CVE-2026-26310 (CVSS score 5.9, Medium): Fix crash in getAddressWithPort() with scoped IPv6 address.
CVE-2026-26309 (CVSS score 5.3, Medium): JSON off-by-one write fix.
CVE-2026-26330 (CVSS score 5.3, Medium): Ratelimit response phase crash fix.

CVE-2026-31838 / GHSA-974c-2wxh-g4ww: (CVSS score 6.9, Medium): Debug Endpoints Allow Cross-Namespace Proxy Data Access. Reported by 1seal.
CVE-2026-31837 / GHSA-v75c-crr9-733c: (CVSS score 8.7, High): JWKS Resolver Failure May Allow Authentication Bypass Using Known Default Keys. Reported by 1seal.

Fixed XDS debug endpoints on plaintext port 15010 to require authentication, preventing unauthenticated access to proxy configuration. Reported by 1seal.
Fixed HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. Reported by Sergey Kanibor (Luntry).
Added the ability to specify authorized namespaces for debug endpoints when ENABLE_DEBUG_ENDPOINT_AUTH=true. Enable by setting DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES to a comma separated list of authorized namespaces. The system namespace (typically istio-system) is always authorized.
Fixed JWKS resolver to use a safe fallback when JWKS fetch fails, preventing authentication bypass via publicly known default keys. Reported by 1seal.
Fixed potential SSRF in WasmPlugin image fetching by validating bearer token realm URLs. Reported by Sergey Kanibor (Luntry).

Fixed incorrect mapping of meshConfig.tlsDefaults.minProtocolVersion to tls_minimum_protocol_version in downstream TLS context.
Fixed Gateway API CORS origin parsing to be stricter with wildcards, and to ignore unmatched preflights. (Issue #59018)
Fixed an issue where waypoints failed to add the TLS inspector listener filter when only TLS ports existed, causing SNI-based routing to fail for wildcard ServiceEntry with resolution: DYNAMIC_DNS. (Issue #59024)
Fixed an issue where baggage-based peer metadata discovery interfered with TLS or PROXY traffic policies. As a short term fix, baggage-based metadata discovery is disabled for routes with TLS or PROXY traffic policies configured, which may result in incomplete telemetry in multicluster deployments. (Issue #59117)
Fixed a nil pointer dereference that occurs during the upgrade process in multi-primary deployment. (Issue #59153)
Fixed a nil pointer dereference in ServiceEntry validation for DYNAMIC_DNS resolution that could crash istiod. (Issue #59171)
Fixed istiod crashing when PILOT_ENABLE_AMBIENT=true but AMBIENT_ENABLE_MULTI_NETWORK is not set and a WorkloadEntry resource exists with a different network than the local cluster.
Fixed an issue where setting resource limits or requests to null would cause validation errors. (Issue #58805)