AppViewX Security Advisory | Managed K8s | 2026.2.0.0
Advisory
AppViewX has identified a few medium and low in-house vulnerabilities, which are addressed holistically across the product. A high level overview of these fixes are provided in this document. If a summary of the internal pentest document is required, please reach out to [email protected] or [email protected].
Risk Matrix
| Product Version | Patch Availability |
|---|---|
| AppViewX 2026.2.0.0 - Managed K8s | Available |
Scope
The scope of penetration testing includes validation of the infrastructure, web application, and the APIs in a Managed Kubernetes environment.
Vulnerabilities Addressed and Controls Implemented
| Scope | Vulnerabilities Addressed | CVSS Score | Controls Implemented |
|---|---|---|---|
| Web and API | Injection (Improper Input Validation) | 5.3 | Implemented strict server-side and client-side input validation, output encoding, input sanitization, input length restrictions, character whitelisting, and secure handling of user-supplied data. |
| Web & API | Security Misconfiguration | 3.1 - 3.5 | Strengthened protection of sensitive credentials, secured configuration settings, restricted unauthorized modifications, and enhanced security configuration management controls. |
Components Upgraded
AppViewX periodically reviews the third party components used as part of the product
for vulnerabilities, end-of-life and upgrades the tools as part of every major
release. The components that are upgraded as part of the AppViewX 2026.2.0.0 managed
kubernetes release are as follows:
| Component | Version |
|---|---|
| istio/pilot | v1.29.1 |
| istio/proxyv2 | v1.29.1 |
| prom/prometheus | v3.5.0 (LTS) |
| beats/filebeat | v9.2.4 |
| elasticsearch | v9.2.4 |
| kibana | v9.2.4 |
| logstash | v9.2.4 |
| redis-exporter | v1.80.2 |
| grafana | v12.4.1 |
| kube-state-metrics | v2.18.0 |
| prom/alertmanager | v0.30.1 |
| Redis | v8.4.0 |
| prom/node-exporter | v1.10.2 |
| kube-metrics-adapter | v0.2.7 |
| openbao | v2.4.4 |
| Mongo | v8.0.19 |
| metrics-server | v0.8.1 |
| strimzi/kafka | v0.50.0-kafka-4.0.0 |
| strimzi/operator | v0.50.0 |
| alpine | v3.23.3 |
Questions or Security Concerns?
Please reach out to the AppViewX Enterprise Information Security at [email protected] for any queries related to the product security.
