gcp Google Cloud release notes ·

Cloud Service Mesh updates address multiple critical CVEs

securitygcpsecurity-advisoryengineer
patch announcement

New versions of Cloud Service Mesh (1.29.5-asm.12, 1.28.10-asm.4, and 1.27.9-asm.15) are available, bringing fixes for numerous platform CVEs, including several rated Critical. These updates are crucial for maintaining the security posture of your service mesh deployments. Users are advised to consult the provided upgrade documentation to apply these security patches.

  • 1.29.5-asm.12 is now available for in-cluster Cloud Service Mesh.
  • 1.28.10-asm.4 is now available for in-cluster Cloud Service Mesh.
  • 1.27.9-asm.15 is now available for in-cluster Cloud Service Mesh.
Fixes (3)
  • Cloud Service Mesh

    Patch 1.29.5-asm.12 contains fixes for the following platform CVEs: CVE Proxy Control Plane Distroless CNI Severity CVE-2026-46595 Yes Yes Yes Yes Critical (10.0) CVE-2026-8376 Yes Yes No Yes Medium (9.8) CVE-2026-8925 Yes Yes No Yes Medium (9.8) CVE-2026-39830 Yes Yes Yes Yes Critical (9.1) CVE-2026-39831 Yes Yes Yes Yes Critical (9.1) CVE-2026-39832 Yes Yes Yes Yes Critical (9.1) CVE-2026-39833 Yes Yes Yes Yes Critical (9.1) CVE-2026-39834 Yes Yes Yes Yes Critical (9.1) CVE-2026-42496 Yes Yes No Yes Medium (9.1) CVE-2026-42508 Yes Yes Yes Yes Critical (9.1) CVE-2026-8924 Yes Yes No Yes Low (

  • Cloud Service Mesh

    Patch 1.28.10-asm.4 contains fixes for the following platform CVEs: CVE Proxy Control Plane Distroless CNI Severity CVE-2026-8376 Yes Yes No Yes Medium (9.8) CVE-2026-8925 Yes Yes No Yes Medium (9.8) CVE-2026-42496 Yes Yes No Yes Medium (9.1) CVE-2026-8924 Yes Yes No Yes Low (9.1) CVE-2026-8927 Yes Yes No Yes Medium (9.1) CVE-2026-8286 Yes Yes No Yes Low (8.1) CVE-2025-69720 Yes Yes No Yes Low (7.8) CVE-2026-39822 Yes Yes Yes Yes High (7.8) CVE-2026-41992 Yes Yes No Yes Medium (7.5) CVE-2026-42151 No No No Yes High (7.5) CVE-2026-42154 No No No Yes High (7.5) CVE-2026-9547 Yes Yes No Yes Low (

  • Cloud Service Mesh

    Patch 1.27.9-asm.15 contains fixes for the following platform CVEs: CVE Proxy Control Plane Distroless CNI Severity CVE-2026-8376 Yes Yes No Yes Medium (9.8) CVE-2026-8925 Yes Yes No Yes Medium (9.8) CVE-2026-42496 Yes Yes No Yes Medium (9.1) CVE-2026-8924 Yes Yes No Yes Low (9.1) CVE-2026-8927 Yes Yes No Yes Medium (9.1) CVE-2026-8286 Yes Yes No Yes Low (8.1) CVE-2025-69720 Yes Yes No Yes Low (7.8) CVE-2026-39822 Yes Yes Yes Yes High (7.8) CVE-2026-41992 Yes Yes No Yes Medium (7.5) CVE-2026-9547 Yes Yes No Yes Low (7.4) CVE-2026-8458 Yes Yes No Yes Low (6.5) CVE-2026-5704 Yes Yes No Yes Mediu

Notes (3)
  • Cloud Service Mesh 1.29.5-asm.12 is now available for in-cluster Cloud Service Mesh.

    1.29.5-asm.12 is now available for in-cluster Cloud Service Mesh. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh . Cloud Service Mesh 1.29.5-asm.12 uses Envoy v1.35.13.

  • Cloud Service Mesh 1.28.10-asm.4 is now available for in-cluster Cloud Service Mesh.

    1.28.10-asm.4 is now available for in-cluster Cloud Service Mesh. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh . Cloud Service Mesh 1.28.10-asm.4 uses Envoy v1.36.9.

  • Cloud Service Mesh 1.27.9-asm.15 is now available for in-cluster Cloud Service Mesh.

    1.27.9-asm.15 is now available for in-cluster Cloud Service Mesh. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh . Cloud Service Mesh 1.27.9-asm.15 uses Envoy v1.35.13v.

Read the original announcement →

https://docs.cloud.google.com/release-notes#July_15_2026

Related releases