1. Istio 1.21.6 Patches Critical gRPC-Go Flaw (CVE-2026-33186) Enabling Authorization Bypass
The Istio service mesh has released a critical security patch for version 1.21.6, addressing a severe vulnerability in the underlying gRPC-Go library. The flaw, tracked as CVE-2026-33186, allows for a complete authorization bypass. The exploit hinges on a missing leading slash in the HTTP/2 `:path` pseudo-header, which...