CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/06 4:31 p.m.•1 views

CVE-2026-34992 Missing Encryption of Sensitive Data in antrea.io/antrea

7.1CVSS5.9AI score0.0001EPSS

CVE•added 2026/04/06 4:31 p.m.•7 views

CVE-2026-34992

CVE-2026-34992 pertains to Antrea (Kubernetes networking). In dual-stack clusters with IPsec (trafficEncryptionMode: ipsec), IPv6 Pod traffic is not encrypted while IPv4 traffic is secured by ESP; packets are encapsulated (Geneve/VXLAN) but bypass the IPsec layer. Impacted users run dual-stack co...

Exploits0References5Affected Software1

OSV•added 2026/04/03 4:2 a.m.•10 views

GHSA-QCMW-8MM4-4P28 Antrea has Missing Encryption of Sensitive Data

Impact This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctl...

7.5CVSS5.8AI score0.0001EPSS

Exploits0References7

Snyk•added 2026/04/03 4:2 a.m.•1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the handling of inter-Node Pod traffic when dual-stack networking is configured with IPsec encryption enabled. An attacker can intercept and read sensitive IPv6 Pod traffic by monitoring network...

Github Security Blog•added 2026/04/03 4:2 a.m.•4 views

Antrea has Missing Encryption of Sensitive Data

7.5CVSS5.8AI score0.0001EPSS

Exploits0References7Affected Software1

Snyk•added 2026/04/03 4:2 a.m.•1 views

Missing Encryption of Sensitive Data

Snyk•added 2026/04/03 4:2 a.m.•2 views

Missing Encryption of Sensitive Data

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-30013

7.1CVSS5.8AI score0.0001EPSS

Exploits0References8

GitLab Advisory Database•added 2026/04/03 12:0 a.m.•6 views

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

Exploits0References7Affected Software1

CNNVD•added 2026/03/27 12:0 a.m.•3 views

Cilium 安全漏洞

Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. There were security vulnerabilities in versions of Cilium prior to...

5.4CVSS6.4AI score0.00011EPSS

Exploits0References6

RedhatCVE•added 2026/02/20 10:40 a.m.•3 views

CVE-2026-26963

A flaw was found in Cilium. When specific network configurations, including Native Routing, WireGuard, and Node Encryption, are enabled, Cilium incorrectly allows network traffic from Pods on other nodes. This can lead to unauthorized access to network communications and potential information...

6.1CVSS5.4AI score0.00006EPSS

Exploits1References7

CNNVD•added 2026/02/20 12:0 a.m.•3 views

Cilium 安全漏洞

Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. Versions of Cilium from 1.18.0 to 1.18.5 contain security...

6.1CVSS5.8AI score0.00006EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-2095

Malware in sbrugna...

4.9CVSS5.2AI score0.00379EPSS

Exploits0References10

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2021-25737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creati...

4.9CVSS5.8AI score0.00379EPSS

OSV•added 2025/03/20 5:15 p.m.•0 views

UBUNTU-CVE-2024-7598

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

3.1CVSS6.6AI score0.00007EPSS

CNNVD•added 2024/02/20 12:0 a.m.•2 views

Cilium Security Vulnerabilities

Cilium is an open source software. It is used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in versions of Cilium prior to v1.14.7 that stems from traffic...

6.1CVSS6.7AI score0.00051EPSS

SUSE CVE•added 2023/02/15 3:44 a.m.•1 views

SUSE CVE-2021-25737

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

2.7CVSS7.9AI score0.00379EPSS

Exploits0References3

OSV•added 2021/09/07 11:9 p.m.•29 views

GHSA-MFV7-GQ43-W965 Incomplete List of Disallowed Inputs in Kubernetes

4.8CVSS5.1AI score0.00379EPSS