BIT-HUBBLE-RELAY-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

BIT-CILIUM-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

BIT-CILIUM-OPERATOR-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

CVE-2026-25998

strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

CVE-2026-26963

A flaw was found in Cilium. When specific network configurations, including Native Routing, WireGuard, and Node Encryption, are enabled, Cilium incorrectly allows network traffic from Pods on other nodes. This can lead to unauthorized access to network communications and potential information...

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

UBUNTU-CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

PT-2026-21227

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

Cilium 安全漏洞

Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. Versions of Cilium from 1.18.0 to 1.18.5 contain security...

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to incorrect handling of network traffic permissions when certain network configurations, such as Native Routing, WireGuard, and Node Encryption, are enabled. An attacker can gain unauthorized access t...

CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

CVE-2026-26963

CVE-2026-26963 affects Cilium: vulnerable in versions 1.18.0–1.18.5 where traffic from Pods on other nodes can bypass isolation when Native Routing, WireGuard and Node Encryption are enabled. Root cause is the eBPF datapath handling allowing cross-node traffic leakage under those configurations. ...

CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

CVE-2026-2738

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet...