AppViewX Security Advisory | SaaS | 2026.1.0.0
Advisory
AppViewX has identified a few medium level in house vulnerabilities, which are addressed holistically across the product. A high level overview of these fixes are provided in this document. If a summary of the internal pentest document is required, please reach out to [email protected] or [email protected].
Risk Matrix
| Product Version | Patch Availability |
|---|---|
| AppViewX v2026.1.0.0 SaaS | Available |
Scope
The scope of penetration testing includes validation of the infrastructure, web application, and the APIs in a SaaS environment
Vulnerabilities Addressed and Controls Implemented
| Scope | Vulnerabilities Addressed | CVSS Score | Controls Implemented |
|---|---|---|---|
| Web and API | Injection | 4.6 - 8.5 | Implemented strict client and server-side input validation. |
| Insecure design | 5.1 | Implemented proper concurrency controls, including request locking and atomic operations. | |
| Cryptographic failures | 6.9 | Implemented secure authentication flows ensuring passwords are never transmitted, logged, or returned. | |
| Security misconfiguration | 5.1 | Implemented measures to prevent the disclosure of sensitive information. |
Components Upgraded
AppViewX periodically reviews the third-party components used as part of the product
vulnerabilities, End of Life, and upgrades the tools as part of every major release.
The components that are upgraded as part of the AppViewX v2026.1.0.0 - SaaS release
are as follows:
| Component | Version |
|---|---|
| docker.io/prom/prometheus | v3.5.0 |
| docker.io/istio/operator | 1.28.0 |
| docker.io/istio/pilot | 1.28.0 |
| docker.io/istio/proxyv2 | 1.28.0 |
| metrics-server | v0.8.0 |
| kube-metrics-adapter | v0.2.6 |
| redis | 8.2.2 |
| redis-exporter | v1.77.0 |
| quay.io/strimzi/kafka | 0.48.0-kafka-4.1.0 |
| quay.io/strimzi/operator | 0.48.0 |
| elastic/apm-serve | v9.1.4 |
| redis/redis-stack-server | 7.4.0-v7 |
| alpine | 3.22.1 |
| kube-state-metrics | v2.17.0 |
| node-exporter | v1.9.1 |
| alertmanager | v0.28.1 |
| docker.io/amazon/aws-efs-csi-driver | v2.1.13 |
| registry.k8s.io/autoscaling/cluster-autoscaler | v1.34.0 |
| gallery.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver | v1.51.0 |
| aws-load-balancer-controller | v2.14.0 |
The Cloud Connector components that are upgraded as part of the AppViewX v2026.1.0.0
- SaaS release are as follows:
| Component | Version |
|---|---|
| ghcr.io/k3d-io/k3d-tools | 5.8.3 |
| rancher/local-path-provisioner | v0.0.32 |
| rancher/mirrored-coredns-coredns | 1.13.1 |
| rancher/k3s | v1.34.3-k3s1 |
| rancher/mirrored-pause | 3.6 |
| K3s binary | v1.34.3-k3s1 |
| Helm binary | v4.0.4 |
| K3d binary | v5.8.3 |
Questions or Security Concerns?
Please reach out to the AppViewX Enterprise Information Security at [email protected] for any queries related to the product security.
