ReleaseBytes
gcp Google Cloud release notes ·

Cloud Service Mesh Updates Address Numerous CVEs

securitygcpsecurity-advisoryengineer
patch announcement

Multiple versions of Cloud Service Mesh have been released with significant security updates, including fixes for critical and high-severity CVEs across the proxy, control plane, and CNI components. These updates are crucial for maintaining the security posture of service mesh deployments. Users are advised to upgrade to the latest available patch versions to protect against identified vulnerabilities.

  • 1.28.7-asm.3 is now available for in-cluster Cloud Service Mesh.
  • 1.27.9-asm.4 is now available for in-cluster Cloud Service Mesh.
  • 1.26.8-asm.10 is now available for in-cluster Cloud Service Mesh.
Fixes (4)
  • Cloud Service Mesh

    Patch 1.28.7-asm.3 contains fixes for the following platform CVEs: CVE Proxy Control Plane Distroless CNI Severity CVE-2026-27143 Yes Yes Yes Yes Critical (9.8) CVE-2026-31789 Yes Yes No Yes Low (9.8) CVE-2026-27140 Yes Yes Yes Yes High (8.8) CVE-2026-28387 Yes Yes No Yes Low (8.1) CVE-2026-41413 Yes Yes Yes Yes Medium (7.7) CVE-2026-2219 Yes Yes No Yes Medium (7.5) CVE-2026-27135 Yes Yes No Yes Medium (7.5) CVE-2026-28388 Yes Yes No Yes Low (7.5) CVE-2026-28389 Yes Yes No Yes Low (7.5) CVE-2026-28390 Yes Yes No Yes Low (7.5) CVE-2026-29181 Yes Yes Yes Yes High (7.5) CVE-2026-31790 Yes Yes No

    CVE-2026-27143CVE-2026-31789CVE-2026-27140CVE-2026-28387CVE-2026-41413
  • Cloud Service Mesh

    Patch 1.27.9-asm.4 contains fixes for the following platform CVEs: CVE Proxy Control Plane Distroless CNI Severity CVE-2022-31045 Yes Yes Yes Yes Medium (9.8) CVE-2026-27143 Yes Yes Yes Yes Critical (9.8) CVE-2026-31789 Yes Yes No Yes Low (9.8) CVE-2026-27140 Yes Yes Yes Yes High (8.8) CVE-2026-28387 Yes Yes No Yes Low (8.1) CVE-2026-41413 Yes Yes Yes Yes Medium (7.7) CVE-2019-14993 Yes Yes Yes Yes High (7.5) CVE-2021-39155 Yes Yes Yes Yes High (7.5) CVE-2021-39156 Yes Yes Yes Yes High (7.5) CVE-2022-23635 Yes Yes Yes Yes High (7.5) CVE-2026-2219 Yes Yes No Yes Medium (7.5) CVE-2026-27135 Yes

    CVE-2022-31045CVE-2026-27143CVE-2026-31789CVE-2026-27140CVE-2026-28387
  • Cloud Service Mesh

    These patch releases contain the fixes for the following CVEs: CVE Proxy Control Plane Distroless CNI Severity CVE-2026-27143 Yes Yes Yes Yes Critical (9.8) CVE-2026-31789 Yes Yes No Yes Low (9.8) CVE-2026-27140 Yes Yes Yes Yes High (8.8) CVE-2026-28387 Yes Yes No Yes Low (8.1) CVE-2026-41413 Yes Yes Yes Yes Medium (7.7) CVE-2026-2219 Yes Yes No Yes Medium (7.5) CVE-2026-27135 Yes Yes No Yes Medium (7.5) CVE-2026-28388 Yes Yes No Yes Low (7.5) CVE-2026-28389 Yes Yes No Yes Low (7.5) CVE-2026-28390 Yes Yes No Yes Low (7.5) CVE-2026-29181 Yes Yes Yes Yes High (7.5) CVE-2026-31790 Yes Yes No Yes

    CVE-2026-27143CVE-2026-31789CVE-2026-27140CVE-2026-28387CVE-2026-41413
  • Cloud Service Mesh

    Patch 1.26.8-asm.10 contains fixes for the following platform CVEs: CVE Proxy Control Plane Distroless CNI Severity CVE-2022-31045 Yes Yes Yes Yes Medium (9.8) CVE-2026-27143 Yes Yes Yes Yes Critical (9.8) CVE-2026-31789 Yes Yes No Yes Low (9.8) CVE-2026-27140 Yes Yes Yes Yes High (8.8) CVE-2026-28387 Yes Yes No Yes Low (8.1) CVE-2026-41413 Yes Yes Yes Yes Medium (7.7) CVE-2019-14993 Yes Yes Yes Yes High (7.5) CVE-2021-39155 Yes Yes Yes Yes High (7.5) CVE-2021-39156 Yes Yes Yes Yes High (7.5) CVE-2022-23635 Yes Yes Yes Yes High (7.5) CVE-2026-2219 Yes Yes No Yes Medium (7.5) CVE-2026-27135 Yes

    CVE-2022-31045CVE-2026-27143CVE-2026-31789CVE-2026-27140CVE-2026-28387
Notes (4)
  • Cloud Service Mesh 1.28.7-asm.3 is now available for in-cluster Cloud Service Mesh.

    1.28.7-asm.3 is now available for in-cluster Cloud Service Mesh. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh . Cloud Service Mesh 1.28.7-asm.3 uses Envoy v1.36.7-dev.

    Upgrade Cloud Service Mesh
  • Cloud Service Mesh 1.27.9-asm.4 is now available for in-cluster Cloud Service Mesh.

    1.27.9-asm.4 is now available for in-cluster Cloud Service Mesh. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh . Cloud Service Mesh 1.27.9-asm.4 uses Envoy v1.35.10-dev.

    Upgrade Cloud Service Mesh
  • Cloud Service Mesh

    The following images are now rolling out for managed Cloud Service Mesh: 1.21.6-asm.32 is rolling out to the rapid release channel. The regular release channel is being upgraded from 1.20 to 1.21.6-asm.32. The stable release channel is being upgraded from 1.19 to 1.20.8-asm.80.

  • Cloud Service Mesh 1.26.8-asm.10 is now available for in-cluster Cloud Service Mesh.

    1.26.8-asm.10 is now available for in-cluster Cloud Service Mesh. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh . Cloud Service Mesh 1.26.8-asm.10 uses Envoy v1.34.14.

    Upgrade Cloud Service Mesh
Read the original announcement →

https://docs.cloud.google.com/release-notes#June_03_2026

© 2026 ReleaseBytes Aggregated release notes & tech news. We link to the original source.