Lucene search
K

15 matches found

OSV
OSV
added 2026/04/06 7:49 a.m.5 views

BIT-HUBBLE-RELAY-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References7
OSV
OSV
added 2026/04/06 7:45 a.m.3 views

BIT-CILIUM-OPERATOR-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References7
OSV
OSV
added 2026/04/06 7:45 a.m.6 views

BIT-CILIUM-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.4 views

SUSE CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 1:16 a.m.5 views

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS0.00244EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/27 12:23 a.m.28 views

CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS0.00244EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:23 a.m.4 views

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 12:23 a.m.3 views

CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS5.9AI score0.00244EPSS
Exploits0References6
CVE
CVE
added 2026/03/27 12:23 a.m.29 views

CVE-2026-33726

CVE-2026-33726 affects Cilium’s eBPF dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/27 12:23 a.m.6 views

CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

5.4CVSS6.3AI score0.00244EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/26 4:48 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the ciltocontainer and bpflxc local-backend packet path in the datapath components. An attacker can bypass ingress network policies and reach a local backend pod by sending traffic through an L7 load...

5.4CVSS6.4AI score0.00244EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/26 4:48 p.m.6 views

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...

5.4CVSS5.7AI score0.00244EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/26 4:48 p.m.6 views

GHSA-HXV8-4J4R-CQGV Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...

5.4CVSS5.8AI score0.00244EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28513

Name of the Vulnerable Software and Affected Versions Cilium versions prior to 1.17.14 Cilium versions 1.18.0 through 1.18.7 Cilium versions 1.19.0 through 1.19.1 Description Cilium is a networking, observability, and security solution utilizing an eBPF-based dataplane. Ingress Network Policies a...

10CVSS5.9AI score0.03256EPSS
Exploits67References157
Rows per page
Query Builder