Lucene search
K

27 matches found

NVD
NVD
added 2026/04/06 5:17 p.m.4 views

CVE-2026-34992

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fail...

7.5CVSS0.00121EPSS
Exploits0References5
OSV
OSV
added 2026/04/06 7:49 a.m.5 views

BIT-HUBBLE-RELAY-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References7
OSV
OSV
added 2026/04/06 7:45 a.m.3 views

BIT-CILIUM-OPERATOR-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References7
OSV
OSV
added 2026/04/06 7:45 a.m.23 views

BIT-CILIUM-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/03 4:2 a.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the handling of inter-Node Pod traffic when dual-stack networking is configured with IPsec encryption enabled. An attacker can intercept and read sensitive IPv6 Pod traffic by monitoring network...

7.5CVSS5.9AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-30013

Name of the Vulnerable Software and Affected Versions Antrea versions prior to 2.4.5 and 2.5.2 Description Antrea, a Kubernetes networking solution, has a missing encryption issue affecting inter-Node Pod traffic. In dual-stack networking clusters with IPsec encryption enabled...

7.5CVSS5.8AI score0.00121EPSS
Exploits0References11
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/03 12:0 a.m.10 views

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

7.5CVSS5.9AI score0.00121EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/27 12:23 a.m.6 views

CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References8
CVE
CVE
added 2026/03/27 12:23 a.m.30 views

CVE-2026-33726

CVE-2026-33726 affects Cilium’s eBPF dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 12:23 a.m.4 views

CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS5.9AI score0.00244EPSS
Exploits0References6
OSV
OSV
added 2026/03/26 8:33 p.m.4 views

GO-2026-4856 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References6
OSV
OSV
added 2026/03/26 4:48 p.m.6 views

GHSA-HXV8-4J4R-CQGV Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/26 4:48 p.m.7 views

EUVD-2026-16503

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/26 4:48 p.m.6 views

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...

5.4CVSS5.7AI score0.00244EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.3 views

SUSE CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.7AI score0.00126EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/02/24 12:0 a.m.214 views

📄 Cilium 1.18.5 Traffic Bypass

This Python proof of concept script performs a comprehensive node-level analysis to assess a vulnerability in Cilium versions 1.18.0 through 1.18.5 that allows cross-node Pod traffic to bypass Host Firewall policies when Native Routing, WireGuard, and Node Encryption are enabled...

6.1CVSS5.6AI score0.00126EPSS
Exploits1
OSV
OSV
added 2026/02/20 12:16 a.m.4 views

UBUNTU-CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.8AI score0.00126EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/20 12:0 a.m.5 views

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.8AI score0.00126EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/19 11:38 p.m.4 views

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20966

Name of the Vulnerable Software and Affected Versions Cilium versions 1.18.0 through 1.18.5 Description Cilium, a networking, observability, and security solution utilizing an eBPF-based dataplane, is affected by an issue where traffic from Pods on other nodes may be incorrectly permitted. This...

9.9CVSS5.4AI score0.27661EPSS
Exploits45References124
Rows per page
Query Builder