849 matches found
GHSA-XCGV-8MV7-V8C7 vulnerabilities
Vulnerabilities for packages: cloud-sql-proxy, commercial-chainloop-backend, terraform-fips, kots, gitlab-workhorse-ce, kube-arangodb-fips, nerdctl-fips, containerd, art, cilium-cli, flux, kubernetes-dashboard, istio, kyverno-policy-reporter-plugins-kyverno, src, grafana-operator-fips,...
GHSA-FF52-PH69-CF7X vulnerabilities
Vulnerabilities for packages: harbor-scanner-trivy-fips, bento-fips, git-lfs-fips, helm-diff-fips, task-fips, terraform-provider-time-fips, crossplane-provider-aws-cloudtrail, docker-machine-driver-harvester, aws-network-policy-agent-fips, amazon-ecs-agent-fips,...
CVE-2026-53935
Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...
CVE-2026-53935
Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...
CVE-2026-53935
Summary: CVE-2026-53935 affects Cilium versions prior to 1.17.16, 1.18.2–1.18.9, and 1.19.0–1.19.3. An attacker who can create a CiliumLocalRedirectPolicy may specify arbitrary ClusterIPs via addressMatcher, enabling cross-namespace traffic hijacking to Services and bypassing serviceMatcher names...
GO-2026-5914 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium...
GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access
Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...
PT-2026-56056
Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.3 Cilium versions 1.18.2 through 1.18.9 Cilium versions prior to 1.17.16 Description Users capable of creating CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs using the addressMatcher parameter...
PT-2026-56051
Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: chisel-fips, flux-source-controller-fips, kots, kube-arangodb-fips, containerd, cilium-cli, flux, drone-fips, cilium, kubernetes-dashboard, istio, skaffold-fips, frankenphp-8.5, knative-kafka-broker, coder, flux-source-controller, tekton-pipelines, frankenphp-8.2,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: chisel-fips, flux-source-controller-fips, kots, kube-arangodb-fips, containerd, cilium-cli, flux, drone-fips, cilium, kubernetes-dashboard, istio, skaffold-fips, frankenphp-8.5, knative-kafka-broker, docker-machine-driver-harvester, coder, flux-source-controller,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: kots, kube-arangodb-fips, containerd, cilium-cli, flux, cilium, kubernetes-dashboard, istio, frankenphp-8.5, knative-kafka-broker, tekton-pipelines, frankenphp-8.2, prometheus-fips, argo-workflows-fips, omnictl-multiarch, harbor, nerdctl, minio, buildah, zot,...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: terraform-fips, kots, kube-arangodb-fips, containerd, cilium-cli, flux, cilium, kubernetes-dashboard, istio, frankenphp-8.5, knative-kafka-broker, tekton-pipelines, frankenphp-8.2, prometheus-fips, argo-workflows-fips, omnictl-multiarch, harbor, nerdctl, minio,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: aactl, external-dns, k9s, kine, gitlab-kas, kubescape, nerdctl, flux-source-controller, kubernetes-dashboard, cilium, spire-server, minio, opentelemetry-collector, mattermost, knative-serving, skaffold, argo-cd, istio, kubernetes, loki, gitea, telegraf, zot,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: aactl, k9s, tflint, gitlab-kas, neuvector-sigstore-interface, syft, kubescape, kubernetes-dashboard, minio, buildah, podman, eksctl, knative-serving, pulumi-language-dotnet, caddy, flux-kustomize-controller, istio, dagger, k8sgpt, nuclei, rancher-agent,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: aactl, external-dns, k9s, kine, gitlab-kas, nfpm, act, witness, syft, kubescape, nerdctl, flux-source-controller, kubernetes-dashboard, cilium, chezmoi, scorecard, minio, opentelemetry-collector, spire-server, podman, mattermost, knative-serving,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: aactl, external-dns, kine, gitlab-kas, nerdctl, kubernetes-dashboard, cilium, spire-server, minio, buildah, opentelemetry-collector, podman, mattermost, knative-serving, argo-cd, istio, kubernetes, loki, telegraf, zot, cloud-provider-aws, rancher, rancher-agent,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: aactl, external-dns, k9s, kine, gitlab-kas, kubescape, nerdctl, flux-source-controller, kubernetes-dashboard, cilium, spire-server, minio, opentelemetry-collector, mattermost, knative-serving, skaffold, argo-cd, istio, kubernetes, loki, gitea, telegraf, zot,...
CVE-2026-52945 Revert "wireguard: device: enable threaded NAPI"
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945
The CVE-2026-52945 entry describes a Linux kernel vulnerability in the WireGuard component where enabling threaded NAPI can cause the decryption path for a WireGuard peer to stall under heavy network load (notably with Cilium), effectively causing a DoS for that peer while other peers remain func...