AppViewX Security Advisory | SaaS | 2026.2.0.0
Advisory
AppViewX has identified a few medium- and low-severity vulnerabilities in-house, which are addressed holistically across the product. A high-level overview of these fixes is provided in this document. If a summary of the internal pentest document is required, please reach out to [email protected] or [email protected].
Risk Matrix
| Product Version | Patch Availability |
|---|---|
| AppViewX v2026.2.0.0 SaaS | Available |
Scope
The scope of penetration testing includes validation of the infrastructure, web application, cloud connectors, and the APIs in a SaaS environment.
Vulnerabilities Addressed and Controls Implemented
| Scope | Vulnerabilities Addressed | CVSS Score | Controls Implemented |
|---|---|---|---|
| Web and API | Injection (Improper Input Validation) | 5.3 | Implemented strict server-side and client-side input validation, output encoding, input sanitization, input length restrictions, character whitelisting, and secure handling of user-supplied data. |
| Web and API | Security Misconfiguration | 3.1 - 3.5 | Strengthened protection of sensitive credentials, secured configuration settings, restricted unauthorized modifications, and enhanced security configuration management controls. |
Components Upgraded
AppViewX periodically reviews the third-party components used as part of the product for vulnerabilities and End of Life status, and upgrades the tools as part of every major release.
The components that are upgraded as part of the AppViewX v2026.2.0.0 - SaaS release are as follows:
| Component | Version |
|---|---|
| docker.io/prom/prometheus | v3.5.0 |
| docker.io/istio/operator | v1.29.1 |
| docker.io/istio/pilot | v1.29.1 |
| docker.io/istio/proxyv2 | v1.29.1 |
| metrics-server | v0.8.1 |
| kube-metrics-adapter | v0.2.7 |
| redis | v8.4.0 |
| redis-exporter | v1.80.2 |
| quay.io/strimzi/kafka | v0.50.0-kafka-4.0.0 |
| quay.io/strimzi/operator | v0.50.0 |
| elastic/apm-server | v9.2.4 |
| redis/redis-stack-server | v7.4.0-v8 |
| alpine | v3.23.3 |
| kube-state-metrics | v2.18.0 |
| node-exporter | v1.10.2 |
| alertmanager | v0.30.1 |
| docker.io/amazon/aws-efs-csi-driver | v2.3.0 |
| registry.k8s.io/autoscaling/cluster-autoscaler | v1.34.2 |
| gallery.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver | v1.55.0 |
| aws-load-balancer-controller | v3.0.0 |
The Cloud Connector components that are upgraded as part of the AppViewX v2026.2.0.0 - SaaS release are as follows:
| Component | Version |
|---|---|
| ghcr.io/k3d-io/k3d-tools | v5.8.3 |
| rancher/local-path-provisioner | v0.0.34 |
| rancher/mirrored-coredns-coredns | v1.14.1 |
| rancher/k3s | v1.35.1-k3s1 |
| rancher/mirrored-pause | v3.6 |
| K3s binary | v1.35.1-k3s1 |
| Helm binary | v4.1.1 |
| K3d binary | v5.8.3 |
Questions or Security Concerns?
Please reach out to AppViewX Enterprise Information Security at [email protected] for any queries related to product security.
